Overview

overview

10

Static

static

3

e558c68f68...18.exe

windows7-x64

10

e558c68f68...18.exe

windows10-2004-x64

10

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

p3qvYaOvrt==.html

windows7-x64

3

p3qvYaOvrt==.html

windows10-2004-x64

3

uninst.exe

windows7-x64

7

uninst.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    e558c68f684dff0930fa3167a3d85385_JaffaCakes118

  • Size

    360KB

  • Sample

    240916-www7tssdqg

  • MD5

    e558c68f684dff0930fa3167a3d85385

  • SHA1

    94cf171669401068b8047c04f0679bbd2f3c24df

  • SHA256

    120cd3dc895723f8e5ef3e5b391527b375e7e2d9f80839a2301f0861d3c852ba

  • SHA512

    e3d9c7c003c697775682444782a6b4068132b314c06248c12aecc53fc04135ce920437e06f329c873605370cbb0eb645d381c6c7851eae1da3fd4b313a8db482

  • SSDEEP

    6144:sUj/wnZuuGJG7sCuLdpzlY3Fv/c5QbrdNYrPYxNuZNQJFMmbjSvsASHF2DQ:sqauuGJJdbYh0CrorouacmmSYU

Score
10/10
kronosbankerbotnetdiscoveryevasionpersistencespywarestealer

Malware Config

Targets

    • Target

      e558c68f684dff0930fa3167a3d85385_JaffaCakes118

    • Size

      360KB

    • MD5

      e558c68f684dff0930fa3167a3d85385

    • SHA1

      94cf171669401068b8047c04f0679bbd2f3c24df

    • SHA256

      120cd3dc895723f8e5ef3e5b391527b375e7e2d9f80839a2301f0861d3c852ba

    • SHA512

      e3d9c7c003c697775682444782a6b4068132b314c06248c12aecc53fc04135ce920437e06f329c873605370cbb0eb645d381c6c7851eae1da3fd4b313a8db482

    • SSDEEP

      6144:sUj/wnZuuGJG7sCuLdpzlY3Fv/c5QbrdNYrPYxNuZNQJFMmbjSvsASHF2DQ:sqauuGJJdbYh0CrorouacmmSYU

    Score
    10/10
    kronosbankerbotnetdiscoveryevasionpersistencespywarestealer

    • Kronos

      bankerbotnetkronos

    • Modifies security service

      evasion

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      15KB

    • MD5

      5b3edb39fe9c026322caf37ea10f6733

    • SHA1

      3caf8b5b38feb87bfeb0e01e59d4e36f110c9e9e

    • SHA256

      a96b1c95f51b088ed5ec476485a6aa562cbe68a88d0261ce88bcb3dca1f1c8b0

    • SHA512

      7930e12c72744c9cf5e2f9b93236526289ed3f9773b92c865228ad33ab45d64e73ee5604a74e49630e066d802a5ca4602d4b986131d267ce17a8ce5d3b5f054c

    • SSDEEP

      384:EfC43tPegZ3eBaRwCPOYY7nNYXC7/Yosa:EKTgZ3eBTCmrnNAh

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/StartMenu.dll

    • Size

      7KB

    • MD5

      7583254ceddf4c35b2ba3acaabecce8b

    • SHA1

      edaca4bdf6a3793e2390d56d73b3ddf53672e2ee

    • SHA256

      9d4dcb111b52289f3b005a6ae02de2b2ef66bbe0b761d009a59bf470e95ed7ae

    • SHA512

      4beca247af53a0c59c7f76cdc6c4ac709f2c06f115e21cd0eb69f90aa274de16275b659a7d64aef7d5942b50566f658cb7f130a1b42088e23075040865dbbda4

    • SSDEEP

      96:m8dPIKJhMuhik+CfoEwknt6io8zv+qy5/utta/l3lkCTcaqHCI:fZIKXgk+cx6QYFkAZlncviI

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      a4dd044bcd94e9b3370ccf095b31f896

    • SHA1

      17c78201323ab2095bc53184aa8267c9187d5173

    • SHA256

      2e226715419a5882e2e14278940ee8ef0aa648a3ef7af5b3dc252674111962bc

    • SHA512

      87335a43b9ca13e1300c7c23e702e87c669e2bcf4f6065f0c684fc53165e9c1f091cc4d79a3eca3910f0518d3b647120ac0be1a68eaade2e75eaa64adfc92c5a

    • SSDEEP

      192:em24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35OlESl:m8QIl975eXqlWBrz7YLOlE

    Score
    3/10
    discovery
    behavioral7behavioral8

    • Target

      p3qvYaOvrt==

    • Size

      229B

    • MD5

      f1f809c97cefe87b05cf07bd7f006221

    • SHA1

      d422209e6460d01805b8450bd5d1b9e8379a2d5b

    • SHA256

      23f2d5e78e6d6f505be2631c837f937100d9495a9af5263b18f8a9703f928608

    • SHA512

      2a01762c366ed70543ce758f04eb399322581627fa6e740b3e9bb198adda8470dd024cc0d2608966644cc9fd98543c5769eb8620223b090c5c55cc063c8608a0

    Score
    3/10
    discovery
    behavioral10behavioral9

    • Target

      uninst.exe

    • Size

      72KB

    • MD5

      579ad42f6395a051fe6f06ea2ecc5171

    • SHA1

      fd170450f91c54fc355d2a7bf83b93cabc2b4cb3

    • SHA256

      d04ab79d6fd6ab991b000e9fb596de89d34b2f88cc5a924691b1619a93b56e3a

    • SHA512

      31630e1ddf70b8f00bdcae6e0a4f9bdc8587dce377a00fe99be1e33049507966ebc3e3f5712420f3ed190e8d1471890644c49434e4baaa7540bf256bd0abdac9

    • SSDEEP

      1536:sYHhhDWkSkWIGq4wjiKuxgg+SsN7buCryG/103tP0o9gJ5iJsx:sKWAj/hjiKuxb+vnuCryGdePraCi

    Score
    7/10
    discovery

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral11behavioral12

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      15KB

    • MD5

      5b3edb39fe9c026322caf37ea10f6733

    • SHA1

      3caf8b5b38feb87bfeb0e01e59d4e36f110c9e9e

    • SHA256

      a96b1c95f51b088ed5ec476485a6aa562cbe68a88d0261ce88bcb3dca1f1c8b0

    • SHA512

      7930e12c72744c9cf5e2f9b93236526289ed3f9773b92c865228ad33ab45d64e73ee5604a74e49630e066d802a5ca4602d4b986131d267ce17a8ce5d3b5f054c

    • SSDEEP

      384:EfC43tPegZ3eBaRwCPOYY7nNYXC7/Yosa:EKTgZ3eBTCmrnNAh

    Score
    3/10
    discovery
    behavioral13behavioral14

MITRE ATT&CK Enterprise v15

Tasks