General

  • Target

    0ea029ddc6e0fd91a42f87d5313498ab_JaffaCakes118

  • Size

    7.3MB

  • Sample

    241003-jg7nsswarb

  • MD5

    0ea029ddc6e0fd91a42f87d5313498ab

  • SHA1

    8562130191ce59575e53bbd6ab39e2c66d82998c

  • SHA256

    b7c782895eab0b5d9609affee7f8eb97812a3fc872ced8d46d904b5280c7a80a

  • SHA512

    55274f33cbed3f55b55a7d86f1380fde627fe7a2429f399a8d0e042a375e558f9848d03bfb56ba6ae326f3e1326b683ce0b0e1281e916260fab076188d8f1ca5

  • SSDEEP

    196608:FGH7x4Ar254tQEOD3YdPlDkpA3yn3MrN1Au:C7zrO4pOTEPlDk6ycxL

Malware Config

Targets

    • Target

      0ea029ddc6e0fd91a42f87d5313498ab_JaffaCakes118

    • Size

      7.3MB

    • MD5

      0ea029ddc6e0fd91a42f87d5313498ab

    • SHA1

      8562130191ce59575e53bbd6ab39e2c66d82998c

    • SHA256

      b7c782895eab0b5d9609affee7f8eb97812a3fc872ced8d46d904b5280c7a80a

    • SHA512

      55274f33cbed3f55b55a7d86f1380fde627fe7a2429f399a8d0e042a375e558f9848d03bfb56ba6ae326f3e1326b683ce0b0e1281e916260fab076188d8f1ca5

    • SSDEEP

      196608:FGH7x4Ar254tQEOD3YdPlDkpA3yn3MrN1Au:C7zrO4pOTEPlDk6ycxL

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      $PLUGINSDIR/ExecDos.dll

    • Size

      5KB

    • MD5

      a7cd6206240484c8436c66afb12bdfbf

    • SHA1

      0bb3e24a7eb0a9e5a8eae06b1c6e7551a7ec9919

    • SHA256

      69ac56d2fdf3c71b766d3cc49b33b36f1287cc2503310811017467dfcb455926

    • SHA512

      b9ee7803301e50a8ec20ab3f87eb9e509ea24d11a69e90005f30c1666acc4ed0a208bd56e372e2e5c6a6d901d45f04a12427303d74761983593d10b344c79904

    • SSDEEP

      48:6jOBtU/BXN8kUByyy/Aklkcrkyg7Vg5RibGoTCTo0gqVeeaeQqzM5rv774YRljmB:y/DMy4ncrkyg7tbpQFLUEYRxe

    Score
    3/10
    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      0dc0cc7a6d9db685bf05a7e5f3ea4781

    • SHA1

      5d8b6268eeec9d8d904bc9d988a4b588b392213f

    • SHA256

      8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c

    • SHA512

      814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0

    • SSDEEP

      192:n6d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jPK72dwF7dBEnbok:n6UdHXcIiY535zBt2jP+BEnbo

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      00a0194c20ee912257df53bfe258ee4a

    • SHA1

      d7b4e319bc5119024690dc8230b9cc919b1b86b2

    • SHA256

      dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3

    • SHA512

      3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    • Target

      $TEMPImg/Installer.exe

    • Size

      6.9MB

    • MD5

      186b0136f303bbdfa28d4186073bea8a

    • SHA1

      6cb4cf0098b71a486ff5deaf222b8ffafcde818a

    • SHA256

      091088c5d1ee6da6b7584af2a7fd1315f5cd5b09789c3f375654f29b372bbdea

    • SHA512

      b0f47bdba9914e1f114039b2a90e224a980fa5b83d7d1981a80592a84ea06760cac2a335e78b38323f71c4bb34e3590fe9b2123318e704a38d9bd083229688af

    • SSDEEP

      98304:3ZGgMhv+5aR+uPCkQ4YCZL3zNc6a9Zpn6d/3VrDkk4EdKy3NixJ9pfhEhcyNo6Ne:3Ar254tQEOD3YdPlDkpA3yn3MrN1An

    Score
    7/10
    • Loads dropped DLL

    • Target

      $PLUGINSDIR/ExecDos.dll

    • Size

      5KB

    • MD5

      a7cd6206240484c8436c66afb12bdfbf

    • SHA1

      0bb3e24a7eb0a9e5a8eae06b1c6e7551a7ec9919

    • SHA256

      69ac56d2fdf3c71b766d3cc49b33b36f1287cc2503310811017467dfcb455926

    • SHA512

      b9ee7803301e50a8ec20ab3f87eb9e509ea24d11a69e90005f30c1666acc4ed0a208bd56e372e2e5c6a6d901d45f04a12427303d74761983593d10b344c79904

    • SSDEEP

      48:6jOBtU/BXN8kUByyy/Aklkcrkyg7Vg5RibGoTCTo0gqVeeaeQqzM5rv774YRljmB:y/DMy4ncrkyg7tbpQFLUEYRxe

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    • Target

      $TEMPImg/AskInstallChecker-1.5.0.0.exe

    • Size

      242KB

    • MD5

      8f9b5f4f87207be1cf810ddc95124f92

    • SHA1

      f5cec54c9aac59167ba95ec8077438be381fba3d

    • SHA256

      4501e3f8f41966d403e76d3b1d04525098f0b6d41b65741a8351f3b0d3e4397e

    • SHA512

      dac421d8132e474ddfc9ba5954928b40d952af17c4c2085c30f5f3dc631962c2f05db52cb487371108b6b61e6fbc0a82d68ced48e9075a1fbc5a214d5d201097

    • SSDEEP

      3072:L9Sc/cBP7ZyFQyNGhwPjVr88LkkPl5qcV21BSA5mffoL6xB3UCWT4zeNpdrhUu5g:L9+B9AHKyjVrTLkkP7qcXvxZzchm

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Target

      $TEMPImg/FVM.exe

    • Size

      1.4MB

    • MD5

      7647c48e0ac6a521e9b97bd107b2a215

    • SHA1

      d464f46d7532f2f23222e61657d0c9ee43777b2d

    • SHA256

      24f96b0e81b026f81a6d7a3f4c86eb0e4cd86f2e003324c374f69d23445e848e

    • SHA512

      d470c7b17e9bcade5cc677396282b541e3d8d5823ffc6b9f9faa37a2f88e9041d89f8b0a9ce6406a880c45f0194207919596df0982e74a17d3b5205aa94af96a

    • SSDEEP

      24576:XKkTWMfcFPkyuYyCUMJvuGHtekf8Iu8SzFnGpGcJ/5QrIjf4zdkB/huKb:XKkYayuYyCBxuGHtekfLjwpGpG8Xadk9

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

    • Target

      $TEMPImg/PazeraToolbar.exe

    • Size

      2.8MB

    • MD5

      4d14c69f86a74fc25ad116c38f8f05f9

    • SHA1

      bf8399d5f22aec7e4db7b4c385591ed5d42e71d0

    • SHA256

      db3119182761d71fe962e662aaff8aba64121130f3f1d39ac548020f26deec77

    • SHA512

      2f4acf84eb9e588ebe7a1c4731a472c0664f280982f90ec104c04021fbf6e9fc1c4708ce639fb1433ea014954ed24cd79fa94a5d3617e13b8b2e2058cac7a4dc

    • SSDEEP

      49152:qKmU/FmbvQyw+Lx8GtekgJV2cEraOdDJLQDwydRm0qw9d/YDTn3UOesiX9iYvmEd:JmUoU+LSGtYJVqraOb5yds0tf0EOevXT

    Score
    7/10
    • Loads dropped DLL

    • Target

      $PLUGINSDIR/CABSetup.dll

    • Size

      17KB

    • MD5

      971a2e4b537d8b3f0bf5699c4b086192

    • SHA1

      72c062e122288b8c015cd1cd806bef4a22530b60

    • SHA256

      82f78bcf453ef5bc4383dbb586bcdb7db7b79877ca79991f8b83c9284b6eeedc

    • SHA512

      2269002046c774112201a4ebb86638e554c11fa3ef2ba2f48266b5427b64fc35e66a94a1dc45c085f713aaf2852ac55a40876ff6bd0fe8625dce9eac05ace657

    • SSDEEP

      384:1+euflfDS/VtTPYCfdW/QJCG0wNXB9SNCNLH:1+eufdpYg4JCwnSENLH

    Score
    3/10
    • Target

      $PLUGINSDIR/InetLoad.dll

    • Size

      18KB

    • MD5

      588d2a4e27dee47f1d7a9c10e67ca948

    • SHA1

      019aad53a317892c3875761a5f6f2fb470376b7b

    • SHA256

      b908ac66f5e0876fefe0be8ee692095132a780a8362ba3a68e99ba0d53dc8ebc

    • SHA512

      c9de72dcb87f27e0a67c6b0220dab67b8c5813bc803bd76fb2b3070e88447457afdc76ffc391be42c14e9f31218fb74e8ddcd2a867e1f4d6f057986a8e31955b

    • SSDEEP

      384:kUyPTZJ/XdzJwwTh8W1cyMjPzt0Ac9k+LMkIX1+Gn+XHfs:k37/luwTh8W1rMjPzbus

    Score
    3/10
    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      12KB

    • MD5

      1d5c649dde35003a618b9679d5d71b92

    • SHA1

      0409bbab3ab34f8c01289cdd847b4d1a32d05b18

    • SHA256

      0f4d3cee24e3f310fa804983c931d3628613988a24f0be7854f63a9309b8e45f

    • SHA512

      b432ebcc52905662d61a3f17e08e209a3f9d836a9071b3b5e80070af7ebcf34cf66c44426dda041c2a258fda4787e5692e2b35acbcd73288fb84fe3c977bbfd9

    • SSDEEP

      384:pKlm7i+c3QW6ckPhyDEaLnA2bbBBIXwZ:8qi8BcyhEhLBbbTI

    Score
    3/10
    • Target

      $PLUGINSDIR/ScrollLicense.dll

    • Size

      58KB

    • MD5

      9de28704babdcf38f423c36eae737e17

    • SHA1

      dd7f7b03430bbc9d568c6ea31de88fc281c3eec3

    • SHA256

      d81d764e13b8e7a7ede9964f118d2de44b13c39c442527c0ffa11ed25cac5014

    • SHA512

      74e0b8b2cbf2de7ffde19e31567976e4c59fc68df351621acee5b0f00734fe7cb95f29fc822313f58ab9cf5f2822763d6021643e088fa6a37bf6d4672f6cbeea

    • SSDEEP

      1536:IU49ZxlN9m68X7Yo7n8roGNHyJelIXkzqGvl/H3C:OZxz9QA1SkHzvl/XC

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      10KB

    • MD5

      4eff5fafd746f5decb93a44e3a3d570c

    • SHA1

      a11aa7681b7e2df1c7f7492a127d332d1495ea8a

    • SHA256

      cf61ddd15d63c25a12caee70f51ea736cfc02195c42e56ee01b33f689d3754c5

    • SHA512

      cde82d2a1f28506e4c2264f6b82017a00af32f138ebcdbaf4cc58463870fa626f708aa57465294c5a6f096c886841e7b9112b85bf3ea2f1d8f2da816b51b2d72

    • SSDEEP

      192:0OycJo/rJVCmIDNLU0dq5RD00lspbub76yL:6/QQ0d0RD0USq/6y

    Score
    3/10
    • Target

      $PLUGINSDIR/UserInfo.dll

    • Size

      4KB

    • MD5

      eaf5036ef8e7fbdfa76d42c18233764f

    • SHA1

      acd9f46c0500b00648933c4a172ef258ec64a1f3

    • SHA256

      74a4283da525512b7fa14d40cafd905e63a8c2a3c9faca4d0605ad71f1a05a7d

    • SHA512

      93d3e698c5d40f28c9d899f95f5b8ae60eceb8e96e57000ed458b9bffadcc98616aeadd4d6b930f3f91bd2a822681ef284dfc0eda6ae776ba1b7cc6ff87704ef

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

discovery
Score
7/10

behavioral2

discovery
Score
7/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
7/10

behavioral10

discovery
Score
7/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

discovery
Score
3/10

behavioral14

discovery
Score
3/10

behavioral15

discovery, spyware, stealer
Score
7/10

behavioral16

discovery, spyware, stealer
Score
7/10

behavioral17

adware, discovery, stealer
Score
7/10

behavioral18

adware, discovery, stealer
Score
7/10

behavioral19

discovery
Score
7/10

behavioral20

discovery
Score
7/10

behavioral21

discovery
Score
3/10

behavioral22

discovery
Score
3/10

behavioral23

discovery
Score
3/10

behavioral24

discovery
Score
3/10

behavioral25

discovery
Score
3/10

behavioral26

discovery
Score
3/10

behavioral27

discovery
Score
3/10

behavioral28

discovery
Score
3/10

behavioral29

discovery
Score
3/10

behavioral30

discovery
Score
3/10

behavioral31

discovery
Score
3/10

behavioral32

discovery
Score
3/10