3cf1792dee586bf8aaf00c67f1f424455181a5ca886cb4253ea0c8989e7e5ee3

Sharing

Copy URL

Twitter E-mail

General

Target

f529d7434ca8ef314c197e4a486cf39b_JaffaCakes118
Size

3.6MB
Sample

240925-ewgcyavcpj
MD5

f529d7434ca8ef314c197e4a486cf39b
SHA1

f9719dda8560f18d8a6bd238623527bfc1a1af1d
SHA256

3cf1792dee586bf8aaf00c67f1f424455181a5ca886cb4253ea0c8989e7e5ee3
SHA512

c26a1b094de31a7f4670eda7d5c44f9cea88018d05692ddbdbee3a08ffade2db313dbef9d39a0ee3ce12ada8175eb2ce3d49608d6f7166f1a5b6770611a741b9
SSDEEP

49152:K0c24StiTTsdoNDjoJSFWWCycq1mFDbPd3Zm7BmKGMkO/VcmFJRUZYUxPIatLmE/:K36ivJDiSFdph1mPYAlO/hJ6ZYWpqn8

Score

7^/10

Malware Config

Targets

- Target
  
  f529d7434ca8ef314c197e4a486cf39b_JaffaCakes118
- Size
  
  3.6MB
- MD5
  
  f529d7434ca8ef314c197e4a486cf39b
- SHA1
  
  f9719dda8560f18d8a6bd238623527bfc1a1af1d
- SHA256
  
  3cf1792dee586bf8aaf00c67f1f424455181a5ca886cb4253ea0c8989e7e5ee3
- SHA512
  
  c26a1b094de31a7f4670eda7d5c44f9cea88018d05692ddbdbee3a08ffade2db313dbef9d39a0ee3ce12ada8175eb2ce3d49608d6f7166f1a5b6770611a741b9
- SSDEEP
  
  49152:K0c24StiTTsdoNDjoJSFWWCycq1mFDbPd3Zm7BmKGMkO/VcmFJRUZYUxPIatLmE/:K36ivJDiSFdph1mPYAlO/hJ6ZYWpqn8
Score

7^/10

discovery adware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/GameuxInstallHelper.dll
- Size
  
  94KB
- MD5
  
  4d3ac88054df63fc810427bdaa96c458
- SHA1
  
  e4d554e03ba91f6b53a2a80253b339f56e303c94
- SHA256
  
  b07ffcd0af80f6b9fba09abe816ba2f0ff0d336639f1768fc317291bc635ece6
- SHA512
  
  d4732ad89bbb19b316dff1b9c534acf98bb985c89d1295f08e24b21531123426500b3712979dda2f0e941a5969c0cbca15bbd52f6c167653f96a494a6677ca54
- SSDEEP
  
  1536:B+cZE7LuH82vbVSEru0QrtLMNYxKoqbEnz8Gj1Nh5vIexy8Cy/3:YcE7LV2ULMZowGjJ5vIexy8Cy/3
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/InstGameInfoHelper.exe
- Size
  
  99KB
- MD5
  
  3d3d2bf9c42dbdf97247775c00f22190
- SHA1
  
  7a046170aaeb5e1a29d8c8cd7c32225f49237aa1
- SHA256
  
  59f09ba2c79a209008e76d0478bb691a9fdb2180d84318d9fc73b10401aa853a
- SHA512
  
  6e66c4ff467e286cd5dc1d4ccd412fec32cfd01514db6c339fd275eaab5f3b549e223e9330bc61ff19048df70b81b66dfcc78ac351aa2c5ff45cf8d197140466
- SSDEEP
  
  1536:3HzOAUoqkqff6SgsbBa8zl2P2Mv1LkZ0v/lAZMnLHI595a6QNt8kcTT:3CAUoqkPSjlsboGnLHo95a65FTT
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/IwinToolbar.exe
- Size
  
  524KB
- MD5
  
  d79746389ef770201e022f971199d451
- SHA1
  
  84789d7e4de78e946778719e80982b056001ed58
- SHA256
  
  2a2c31ec612ded841ccf3306767e2f572acb89bee13744c2714c2d3af9324a78
- SHA512
  
  d69947d1cd040d9c4301c1d27dfeff14446b696360d54b639bc00e2b5187eaf05df189fc0bb18660678747e0843923dec8545bad213c1193bbd979de548563d2
- SSDEEP
  
  6144:tnPacwH/cnudOSoURoauCiE1s5qbk7kCeHhxZWZoZZnnqPEH:vncsMoauCnykCeHFRZZnn3H
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  acc2b699edfea5bf5aae45aba3a41e96
- SHA1
  
  d2accf4d494e43ceb2cff69abe4dd17147d29cc2
- SHA256
  
  168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e
- SHA512
  
  e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe
- SSDEEP
  
  96:M7GUb+YNfwgcr8zyKwZ5S4JxN8BS0ef9/3VI9d0qqyVgNk32E:eKgfwgcr8zylsB49Ud0qJVgNX
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/smartinstallAllinOne.exe
- Size
  
  202KB
- MD5
  
  082c78654828352b43e7818ae272c826
- SHA1
  
  b1a6c498bc0ed6776e84345e30df83a7c0db425a
- SHA256
  
  981c92d332c0c69c89b2c8d944f8a773823ec91228deb4447898773df7822bc5
- SHA512
  
  eb6ef52b589d0b948992c23781516745d6417a96bfc85fab2654b3dca18d6a61e4083c04afd8bb887ce0f721f197cd1fc1738af7a65dd1ad77ddd86597f73ac1
- SSDEEP
  
  6144:h40JDvFeKBw8v92A7BBNC0kz/ifYxUxBE1T3N:71Bv/NwbWTC3N
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral13 behavioral14
- Target
  
  AdminWorker.exe
- Size
  
  211KB
- MD5
  
  f9fd93fd84a004097ca606fbe0a27665
- SHA1
  
  82455d34481ca07539a8fc4faffbcc38fd519ff7
- SHA256
  
  71a6e9b27cd77a36bb80be4cbd237ece76df807f4bd0664f4d3d590f46614fc4
- SHA512
  
  b778dced2953d96d7b79a23b8d3774147d6acb9527dc4c1354e5c67b99820df4d673d7c2281a1943c80dc4789e7c3cf957521a7cfa5b8b7f4521cc3df3246134
- SSDEEP
  
  6144:qBS8NAQIuza+OnL/ZgrF2BD6J2Qvd5jyne:qBS8NAQIuza+ODZ+YW31
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  Uninstall.exe
- Size
  
  129KB
- MD5
  
  49c9d6cadd02bfff54851d0b0cafd557
- SHA1
  
  9bb1dbff1ff7fcf171610133354ffeab1f522d82
- SHA256
  
  c7550a63d4547fb15d9eb84b10bd7ed68e71e860604da1b7fd3c375ce58f0cbe
- SHA512
  
  c982f388f605bbdb784b04078a2e2cce7794867b45cc89359425efa7ab3101ba9410b3867554da0f2ebc62895e8ed0ff6211fb1e0408860962907a49942f76eb
- SSDEEP
  
  3072:w+8uyHOQXJoHS4Z5t2Zip6dmDHgG2ojdotyVnwz:w8+/4fQsp6dAT2ojdoIBwz
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/GameuxInstallHelper.dll
- Size
  
  94KB
- MD5
  
  4d3ac88054df63fc810427bdaa96c458
- SHA1
  
  e4d554e03ba91f6b53a2a80253b339f56e303c94
- SHA256
  
  b07ffcd0af80f6b9fba09abe816ba2f0ff0d336639f1768fc317291bc635ece6
- SHA512
  
  d4732ad89bbb19b316dff1b9c534acf98bb985c89d1295f08e24b21531123426500b3712979dda2f0e941a5969c0cbca15bbd52f6c167653f96a494a6677ca54
- SSDEEP
  
  1536:B+cZE7LuH82vbVSEru0QrtLMNYxKoqbEnz8Gj1Nh5vIexy8Cy/3:YcE7LV2ULMZowGjJ5vIexy8Cy/3
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  WebInstaller.exe
- Size
  
  120KB
- MD5
  
  0fa913aeea4cb78fa9129db050dd70e1
- SHA1
  
  84ce5ccca3ac382c34f28800cff149ab0f7c36e6
- SHA256
  
  eda8c2e18d760d04cf9f5c7d88078d45fa4eb34b43a9bb39ac3c0ca45afd463c
- SHA512
  
  4901fadd10ad6a01d9f4d99609723a0d172e1529572610aaa1490ea11f0fc393e857b00ba669b30dae8695e0312e2341176571a3fd57d722818c959da4fb3d90
- SSDEEP
  
  3072:YZ54bhCRXXACKWzPKq8XvvenK+mXhAB4Lu:854bhEXZrKFXenSu4u
Score

6^/10

adware discovery stealer
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral23 behavioral24
- Target
  
  WebUpdater.exe
- Size
  
  181KB
- MD5
  
  7b6972e9ca922d233c579806d2ff14dd
- SHA1
  
  8c100d8b02ef942e9798ad3ae22ae88e5e6936b6
- SHA256
  
  69deff53dff5912cf382c5dda338d8172c6d9a4e726e93217414b1ae058e4f33
- SHA512
  
  8e4b20e21a61c43b169b32a731688f99b566294877147547df5d049e71f2143d746cd4ca6450ed763951ec3a37e29cec4dfb64e13fce52bb30aeb97e59a4d368
- SSDEEP
  
  3072:FUjqLbLz/uWcxjLInqvqQeUvfnR22jc+9vhqKlx5imu:Fyu372lLIniZP4kqKjER
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  content/iwa-ovr.js
- Size
  
  5KB
- MD5
  
  8aeb23a43bad2fc8de5f7e4aececac2a
- SHA1
  
  db9404e8bce25a3e19ebbae6410e8f635f3dbe85
- SHA256
  
  0cdec0385c4f087fc4520ea5b8bdf45275166592100866dd1dba8851fd83ff38
- SHA512
  
  e6133e88c6ee6b3075e3bbfc197bc142222e6b14d102f8057e3edb00048216ee63bc083ce15ac770452e807105790ed69c479e245c95278e0ecdd65b25258eaf
- SSDEEP
  
  96:FEyzI+6/5S0WQJqLg4MEv/wzeNywJnLdHbON4rUvVwX3kiOoauxmQQXdH5p:FYg0pqM3KwMHb4skL
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  content/iwinarcade.js
- Size
  
  100B
- MD5
  
  28494ad572103e06973dedc5fe9a0666
- SHA1
  
  4ba036fc7689f6892476d6bf8d18cbbfef3871ff
- SHA256
  
  bdfcc77706582ebf878ccc6158f52ad2e17111baeb0ac4a42c8fa8e7ebfa6c9d
- SHA512
  
  1db6dcd0fa8222fe6767433408bfbed4b196b4a0bc52ac42e1bd1756013654b3c5c68a3c69f2c42b0d472a368fd98ed693a846cc076629b35433b8e5bb1d47d6
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  content/uninstall.html
- Size
  
  517B
- MD5
  
  129d0a4e13b0bbe1b7d09577dd6bc8d9
- SHA1
  
  c72554923635e134de27efb5280108e6b09281b5
- SHA256
  
  6cbe1d3f09a8f60f3ed8d44188aec925e597de153b3fdfd3d643be451d7c013a
- SHA512
  
  e00537367c27aa0af9625c04990466218a599152122bc7d9af7b766749f6affec127ba190ef025bd8db296ce42a077e99179d2f267cedf0697cb787902a6e306
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Browser Extensions

T1176

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Installs/modifies Browser Helper Object

Executes dropped EXE

Loads dropped DLL

Deletes itself

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Installs/modifies Browser Helper Object

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32