General

  • Target

    08733ff9ca8d10dc8a89d5054e9b6ffc_JaffaCakes118

  • Size

    395KB

  • Sample

    241002-czd1wasflm

  • MD5

    08733ff9ca8d10dc8a89d5054e9b6ffc

  • SHA1

    d813297226e4ee80245c95ec0344a650089bad21

  • SHA256

    9b31d0a58d4bd0d04651a2b29590f3c76493bb50fd5e6d21afb6c1d6a291e433

  • SHA512

    d7b9a4585facb170da19816c5536ec6a585523e46546393742e2d34e3c5ba2ba55ce71aa4ed0a66e8895bd691e1581ffd8a2c0a1f5a8d2b947225232ae4c8831

  • SSDEEP

    6144:Fwg4zMoMVe/VRHzhV3yxXPhlfCWfBJ8V8jcq0m3b+HBp85Z5vF5qxds7EpG9CGkQ:L4m8nHziNh9CWZSVxULQI5N0xdsoe6Pm

Targets

    • Target

      08733ff9ca8d10dc8a89d5054e9b6ffc_JaffaCakes118

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/NSISdl.dll

    • Size

      14KB

    • MD5

      2a2af69379ed269c61893e8146e18f52

    • SHA1

      03264b45960d3f1fde4b031db47ab7a3f863713d

    • SHA256

      e323b74c36dc52c2a3fbda49d998744cf64cab102f0d72796472ab55d2c784d4

    • SHA512

      49388047397e33f1ed502bd0c5e61b98b33881f794fb52ca229db5b589af9ecb370e9043e2143dcb62cd9d00df6cacc89589734c83f9fda0ceb3f216c0bedeab

    • SSDEEP

      192:i4lsN55M8r67wmsvJI5a299sfoG8I+WhPB3RY+h/G3DNl/qYcVp/122gszA:iysdM80dCI5a2LsQ5IlPNRY00AlAWU

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      10KB

    • MD5

      82f7926fd7d12e3eb8ed7b5232bcf956

    • SHA1

      6065fc921b742cc86c77ce2533fc1d17359eb45e

    • SHA256

      604b5e75f43ffae8f172018cdd8f136392d9c52ae0c100d27ef537bb2dfb3984

    • SHA512

      b31a63ebbda8f147c32d8336c5ecde8c5261ad5526b01926d7cd74b7a9a1348da56e180e53d20e1e300daca76f9511f24d6e695550b705b7650c239e5b6e76c7

    • SSDEEP

      192:BGO6dJA/ruAFEiUdWWE6hsD4YUdJfbub1a8SgMO:pKAFERdlxhTYUzqZaV

    Score
    3/10
    • Target

      $PLUGINSDIR/nsBrowserOpt.dll

    • Size

      518KB

    • MD5

      0c169774cd61ea1f727d89fba8d59fbb

    • SHA1

      06c66b30d59bc66a24a0891593a17ad41145b60c

    • SHA256

      cb80fe2e9f1ed3a90ba515ea56527ae0376cdf489e60f8a29b67ef8c84acfbbe

    • SHA512

      2d9a3216812453480124cdd3041079922a87cd8354e0952f88e3b1ca044f271c77c9aaa641f7b10a1e45e095523e79cca2ab406b2c1744f93484e05f7fd80908

    • SSDEEP

      12288:PMTe1Dct34x/iDZ8cAAqtYjBLZOPPJbJan2zcpnl/eFTNZklUW:p234ViDZ8fAUYNLZOPnTNZkln

    Score
    3/10
    • Target

      $SYSDIR/cont_globaladsolution-remove.exe

    • Size

      52KB

    • MD5

      484d16f733b77e3ea52b90092fec78a6

    • SHA1

      ff7f72fdfcde4eaa49b0819f63204e91d153652e

    • SHA256

      98c01c1e12653fae11202eeb137d92cf338e7a3fdf7712e49dd781bb83436dec

    • SHA512

      acf7387a735f586e5d97e6747b17cbc4ea4920f8c0351bfe27d5cacec84bdd3ed2b83315dd6881e23623aab3a9245b72ea763e267483c9b6dd6e52d4bf5c3e97

    • SSDEEP

      768:YSup23EQCjlQRB8/ewZ1iU6nyYFxbssT/F/O71mJ5VJRnHt6t8KuTqoTKbbuLL:Fu4EQalMK/ewGnh0mJX8tuTfKbbsL

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      271b5d1043c4402f08ddeae383f6979c

    • SHA1

      2b88c58aa27bfb4979239579cd65d4c6c67a5295

    • SHA256

      90485cb175686c3e97b32ebf99daa939c1a6f46e7031f71b72b81cd114fd5b51

    • SHA512

      f8bd4b316726f05647162bb52a2aeb4a6cf5ee976fdb7817a3d25b868b83fb482c38d078f01d3a629afb0d6fa6ce409b2b3404398563137e22010074f529c11b

    • SSDEEP

      192:i6JaVGQ+xI5EeuyvMmGpeWH2J5xprN+AxT3K72dwF7dBdcQOz:i6JaVh4I5rpPbT3+BdhO

    Score
    3/10
    • Target

      $PLUGINSDIR/NSISdl.dll

    • Size

      14KB

    • MD5

      2a2af69379ed269c61893e8146e18f52

    • SHA1

      03264b45960d3f1fde4b031db47ab7a3f863713d

    • SHA256

      e323b74c36dc52c2a3fbda49d998744cf64cab102f0d72796472ab55d2c784d4

    • SHA512

      49388047397e33f1ed502bd0c5e61b98b33881f794fb52ca229db5b589af9ecb370e9043e2143dcb62cd9d00df6cacc89589734c83f9fda0ceb3f216c0bedeab

    • SSDEEP

      192:i4lsN55M8r67wmsvJI5a299sfoG8I+WhPB3RY+h/G3DNl/qYcVp/122gszA:iysdM80dCI5a2LsQ5IlPNRY00AlAWU

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      10KB

    • MD5

      82f7926fd7d12e3eb8ed7b5232bcf956

    • SHA1

      6065fc921b742cc86c77ce2533fc1d17359eb45e

    • SHA256

      604b5e75f43ffae8f172018cdd8f136392d9c52ae0c100d27ef537bb2dfb3984

    • SHA512

      b31a63ebbda8f147c32d8336c5ecde8c5261ad5526b01926d7cd74b7a9a1348da56e180e53d20e1e300daca76f9511f24d6e695550b705b7650c239e5b6e76c7

    • SSDEEP

      192:BGO6dJA/ruAFEiUdWWE6hsD4YUdJfbub1a8SgMO:pKAFERdlxhTYUzqZaV

    Score
    3/10
    • Target

      $_5_

    • Size

      542KB

    • MD5

      c0c2c941fe026df81c03cbac605ca74b

    • SHA1

      6d49fff20749d748598a8eb981ba64e5dee3a5db

    • SHA256

      474acc2dd87957d3b228ac293c6dfee476c8bf53d90eaa1a008dc4a20201878c

    • SHA512

      256a9511373a3f1b985eda07c384fe8bf538a5ce4f18bdbf62e32b791314b11016f883f48631172e57cf713b0362730b7ddf55f370a937966d872f2162345c46

    • SSDEEP

      12288:LWAfPqFs0U59TwU/9RcA6aSl9e5j5q75FZGL7aW9JxLZTBxKLCBdD:CyqFVU5RwG92A6aSep5YMtTBxKKD

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.
