General
-
Target
f6668db0b61bc428756c643a4bd0cd42_JaffaCakes118
-
Size
382KB
-
Sample
240925-twf5haybmh
-
MD5
f6668db0b61bc428756c643a4bd0cd42
-
SHA1
ece7460af9560e9154c6f5d307baddbca15620e1
-
SHA256
f3742cb8c7e315bcdbd8ac763609f870282957c9ed174f7d2de2f8e614e780a7
-
SHA512
b52c2d7b7b69dafd4cd78be1979f1f22e94d06ecbfd91ac82e949088960705c03d5963f766770e22f06e6768ecfff2d5ccbf8da794179d81fb2c5bcb5d39598a
-
SSDEEP
6144:9Tq+P6GQgTCqSBam14ckqGMkNgypdj4a2gz+M0YfJnlCHhMjWP+TLxklIm5vqAb:9R6GPTCq9m1HkqlO7pJzf0YBnlCHhMu/
Malware Config
Targets
-
-
Target
f6668db0b61bc428756c643a4bd0cd42_JaffaCakes118
-
Size
382KB
-
MD5
f6668db0b61bc428756c643a4bd0cd42
-
SHA1
ece7460af9560e9154c6f5d307baddbca15620e1
-
SHA256
f3742cb8c7e315bcdbd8ac763609f870282957c9ed174f7d2de2f8e614e780a7
-
SHA512
b52c2d7b7b69dafd4cd78be1979f1f22e94d06ecbfd91ac82e949088960705c03d5963f766770e22f06e6768ecfff2d5ccbf8da794179d81fb2c5bcb5d39598a
-
SSDEEP
6144:9Tq+P6GQgTCqSBam14ckqGMkNgypdj4a2gz+M0YfJnlCHhMjWP+TLxklIm5vqAb:9R6GPTCq9m1HkqlO7pJzf0YBnlCHhMu/
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Drops file in System32 directory
-
-
-
Target
content/browserLoad.js
-
Size
20KB
-
MD5
0dcb50a058d2aa383efa87951405d9e8
-
SHA1
b41633a909561bb0fa204c622435a5afd7733f60
-
SHA256
b0f28bcd4b4e6b746eda5bad9022665cac9db72b2e5b941cfed8c048e8eaa343
-
SHA512
756aaa414594ad3cf136b77f98f26cee37934450f2fa1275df27e6c0822373c2472d8452d6b1d19c012bd55b9cfc022e183c46badfd24d43d8649f2896a625eb
-
SSDEEP
192:nnSRPdZ+o5oIea+yaq+IGYOK7HyzEJY841OIQ0khmR5l0VElHDkmCyvMHxlBdSZj:euO8YO+j2GEtwzRZ5E1a2aWa02wOh4vH
Score3/10 -
-
-
Target
content/priam.js
-
Size
58KB
-
MD5
6dbbbcc74ae19dfe0aaf25c469ae0a97
-
SHA1
554cb00410218c5a33ea080b51cad2011f996324
-
SHA256
7f5786fb5f3e840d01d95883d7cb1314603427213cad9b6b4f2c977ed00e265d
-
SHA512
11ae1751183b3ea2c02ea8b11b94a2e9c656087e5ab23d49d5f95b63fdbc2e23a342e5d6255bf54b0ea080817b6489bae1b12be6e063a336512037cd2af92daa
-
SSDEEP
768:BxG5pEv6Kutqseu31XpD68cZdjK3n4PvkekBKJRKRh7dR:BU5pEiKutq0W8cvkekBKJRKRh7dR
Score3/10 -
-
-
Target
content/priam_background.js
-
Size
39KB
-
MD5
4ed6ce33799bfd0998d76419d7b08a32
-
SHA1
dec0b6aa28aebe7848b2b161a920a167aa8df7de
-
SHA256
dfc5e888e4e18290d6c5ccf54ced6a5bc439c134ac0de364b8e07815ebda6649
-
SHA512
9ba63fdea7b1673ebe9eb345492f470a6bd28636d4ded2d32eb959920ea94cd7ce763e021c91b875e478fd5e88779d28ab9bf961ff14bcda2c519dda16bd3d1e
-
SSDEEP
768:P9eItPpbGt+2qqPKby6/Acu0D3pUr+wxZYfR:P8CP8t+2qqCby6NUr6
Score3/10 -
-
-
Target
content/priam_background_firefox.js
-
Size
6KB
-
MD5
3b29c8901a86f06d77d878a7659293f0
-
SHA1
baf672a8c8bf220bb02f3efbb31f9813d1320263
-
SHA256
10873ee47e1659398e7a936cdceb26f4e198fc676e2673a9a0e333fe7ea52779
-
SHA512
3f02e3eaec9e3d90bea0d3ec994ca55270ee45225f2b10c747dafb153673dde9db35bad9a69d163dec77bc57038265e62f5c496ca2306d7bbb31ca7f87d8d56f
-
SSDEEP
96:YqX0/lb8Ob27idUEEkEa8LaIB108LwI9148LsI9R:Yh98027idzEkEa2aIB102wI9142sI9R
Score3/10 -
-
-
Target
content/priam_firefox.js
-
Size
18KB
-
MD5
af3ff1309b2c69177cb444714f5b3aa8
-
SHA1
0b453cd0a80e3f10469a88c7e174844d228753a5
-
SHA256
93846d8af86711bf884c9ad346e352c0db940b035d1805ba54d18708d493ac52
-
SHA512
7b9cef947b23d778b2558a99ea45804a142522d14d768673f808e06b07e4f331929e29b8d1d53892848fab08afb28845916ffa65ff8efc7f7ae79cd1c9d6f188
-
SSDEEP
384:KjmZWU/FH5v5WZejqGh4N/tbDPCy1+pfHSi+:cmZWMFHVQZej7uZtbzcpPa
Score3/10 -
-
-
Target
defaults/preferences/priam_prefs.js
-
Size
170B
-
MD5
9e64e51a2bf26010b6b23d3445021dd8
-
SHA1
d889510d5d0bdb3a0b043c4f3b6e41f4933fed3d
-
SHA256
94854baa1afb9904e4ee0325763305a1f38caeb1914fc4760e93bab9829d76b4
-
SHA512
bcd6e65176b0743dc0e720f3c026cc6daed2bdd0e230910c8b198dfb1a998d8d899b4a7f2a7ac7c61fdcfcf06e9b04cbb37dd317f6d648f2a53318ab1634bc32
Score3/10 -
-
-
Target
html/background.html
-
Size
480B
-
MD5
72606a5a09d6a744c892ee6a29af7f26
-
SHA1
1b949d61859ec4e6edfbc86f0ca62b5699a66110
-
SHA256
837f591bcd4e0ab2cf0d38027eea57805ac0961435084c36f242ff8e3aecedba
-
SHA512
778fd756da6c5864416c8ebb7ae15110fd4614ab6202814d6bc27d8cc0294308bf2785dd9f525e775aa9d41b8f9f065de8a402006f0659331107934e2ea3c463
Score3/10 -
-
-
Target
js/background.js
-
Size
15KB
-
MD5
94c1d7e358f00070f9b0ff1b6bbcff7d
-
SHA1
320757c53d43b055e4fa1981cb2e30f6ba48ff12
-
SHA256
dc5266c27f57b73d770ec771dca504bae5797f81088a9da530b4c692da1eb3a2
-
SHA512
dd45bb9d3b6df533f3be8f52b2567a90b5d21ffd3ef94c413a93e62fc62b6bf160bf87340bd050c5a8428e5e175aa649ff64a7c557e3a61531c420690af661d3
-
SSDEEP
192:NjEkpZ6M/ffKyoQE/pUr3oYoDqwrpyAtgw8yqyguQyCHbTs:b/PYpUr3EDx0AtxPgudCs
Score3/10 -
-
-
Target
js/priam.js
-
Size
58KB
-
MD5
6dbbbcc74ae19dfe0aaf25c469ae0a97
-
SHA1
554cb00410218c5a33ea080b51cad2011f996324
-
SHA256
7f5786fb5f3e840d01d95883d7cb1314603427213cad9b6b4f2c977ed00e265d
-
SHA512
11ae1751183b3ea2c02ea8b11b94a2e9c656087e5ab23d49d5f95b63fdbc2e23a342e5d6255bf54b0ea080817b6489bae1b12be6e063a336512037cd2af92daa
-
SSDEEP
768:BxG5pEv6Kutqseu31XpD68cZdjK3n4PvkekBKJRKRh7dR:BU5pEiKutq0W8cvkekBKJRKRh7dR
Score3/10 -
-
-
Target
js/priam_background.js
-
Size
39KB
-
MD5
4ed6ce33799bfd0998d76419d7b08a32
-
SHA1
dec0b6aa28aebe7848b2b161a920a167aa8df7de
-
SHA256
dfc5e888e4e18290d6c5ccf54ced6a5bc439c134ac0de364b8e07815ebda6649
-
SHA512
9ba63fdea7b1673ebe9eb345492f470a6bd28636d4ded2d32eb959920ea94cd7ce763e021c91b875e478fd5e88779d28ab9bf961ff14bcda2c519dda16bd3d1e
-
SSDEEP
768:P9eItPpbGt+2qqPKby6/Acu0D3pUr+wxZYfR:P8CP8t+2qqCby6NUr6
Score3/10 -
-
-
Target
js/priam_chrome.js
-
Size
2KB
-
MD5
be11e5c225c39b2a73da09db0eb7665d
-
SHA1
a69e6072e87d9ce80e3df40edae86d25307ba6a3
-
SHA256
372c484ae815ffa7cb89b477e46926e47a30dfd161f4ecc6124e2465900f77ca
-
SHA512
d28cf8128dac5babe117fd6798b790a0446e14b61e0f1a30703c37f6315a4310517915b5487dbdcda65e081e514b6392df72edbe52998583f00cb5447a6e4283
Score3/10 -
-
-
Target
plugins/PriamNPAPI.dll
-
Size
55KB
-
MD5
0912d0ccfd6cbefe2bd6b4473d006771
-
SHA1
ed9dad52f3ae71472b810bfa71159d448cf3e68d
-
SHA256
c8493605aae1563e133b20543d02aa421f477b9a955fd547f7d2c7cdc1dd787d
-
SHA512
dfbe41244bfc321a9efa717924bc8cd527d422eded98c4bd0c3c8391a0bdb8619571f2c757a825cadd145ce07b235714625326fc4c16ccaef67d71a576ae1142
-
SSDEEP
768:FHeShZpSern/Z0RI8lexCL5KoThZVL4ckkx9c/UK0EDDqnjV5WLNtZXzhOn:BpZpSer/ZalXZVLDkH/UCkuLHJzhO
Score3/10 -
-
-
Target
$PLUGINSDIR/DcryptDll.dll
-
Size
14KB
-
MD5
904beebec2790ee2ca0c90fc448ac7e0
-
SHA1
40fabf1eb0a3b7168351c4514c5288216cb1566d
-
SHA256
f730d9385bf72eac5d579bcf1f7e4330f1d239ca1054d4ead48e9e363d9f4222
-
SHA512
8bdbbaaf73e396cf9fd9866b3e824b7e70c59a2bdefdb3236387e60d0e645d011265fe79fb193f6c0d6abe2e9c01260720c71cd8f068fcc4624760511c54efaa
-
SSDEEP
192:apY9VuCnNCbs8dNyHdrvr5T1KEtx/9ehuhiDTUkSv/DxRyeHk51I7n13Xm:aptMNUjyVvGWxauhiDDS3DnyK7nF
Score3/10 -
-
-
Target
$PLUGINSDIR/IpConfig.dll
-
Size
114KB
-
MD5
a3ed6f7ea493b9644125d494fbf9a1e6
-
SHA1
ebeee67fb0b5b3302c69f47c5e7fca62e1a809d8
-
SHA256
ec0f85f8a9d6b77081ba0103f967ef6705b547bf27bcd866d77ac909d21a1e08
-
SHA512
7099e1bc78ba5727661aa49f75523126563a5ebccdff10cabf868ce5335821118384825f037fbf1408c416c0212aa702a5974bc54d1b63c9d0bcade140f9aae1
-
SSDEEP
1536:CPDzpyvLtmY7SeAmhPzV8+i7kRuACUxHf91MionF9JTwrLPG5zfO+lP7:UZl1e7L4ARzC3dwrLPG5zG+lP7
Score3/10 -
-
-
Target
$PLUGINSDIR/MoreInfo.dll
-
Size
7KB
-
MD5
80e34b7f576b710d100f6e7c0bed0c2e
-
SHA1
2b5b895034d41ee0d0d01bf650594ad0d1346662
-
SHA256
569d62345f6c915236772fa2575d1806cd2bfe089505807cb477618f1eeccf99
-
SHA512
f5970c192b7089040fd1cf26e5cab131879b91722dff0216cdc735f9cfde1eda061409b579eb0f11e3b32e5513e34bbedd4050b75bb1b2acc81be814c2c6c59b
-
SSDEEP
96:lvIIAHGrJ65YtNxxDuekBSE4OTpsxKaVK4:5IVA65CNxIHk9ayxKaVK4
Score3/10 -
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1