760ff6ab4e5c4e6956c4ff06c9100eef5e75608658c6c4f6c8086e8ccc2a8251

Sharing

Copy URL

Twitter E-mail

General

Target

107326941930152877f0e299f7bc2649_JaffaCakes118
Size

4.1MB
Sample

241003-zjmz6swbkl
MD5

107326941930152877f0e299f7bc2649
SHA1

a19d03a25c62ea0d832b3fef1d67dd22bdf9d482
SHA256

760ff6ab4e5c4e6956c4ff06c9100eef5e75608658c6c4f6c8086e8ccc2a8251
SHA512

b9bc2f274a64aaa7882f34a1f9b42cd21757cc25502df6ed85555e0f85ba69ac2c7a115e16bd57b86e32b150e7546cf05099d173f7c617557ba4b5acedea3708
SSDEEP

98304://QFLvGYzSBec1n5Laogj25L9UiSH/rnV/Ilh:XQxFYZxA0R4/rV/M

Score

7^/10

Malware Config

Targets

- Target
  
  107326941930152877f0e299f7bc2649_JaffaCakes118
- Size
  
  4.1MB
- MD5
  
  107326941930152877f0e299f7bc2649
- SHA1
  
  a19d03a25c62ea0d832b3fef1d67dd22bdf9d482
- SHA256
  
  760ff6ab4e5c4e6956c4ff06c9100eef5e75608658c6c4f6c8086e8ccc2a8251
- SHA512
  
  b9bc2f274a64aaa7882f34a1f9b42cd21757cc25502df6ed85555e0f85ba69ac2c7a115e16bd57b86e32b150e7546cf05099d173f7c617557ba4b5acedea3708
- SSDEEP
  
  98304://QFLvGYzSBec1n5Laogj25L9UiSH/rnV/Ilh:XQxFYZxA0R4/rV/M
Score

7^/10

discovery upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/AccessControl.dll
- Size
  
  10KB
- MD5
  
  055f4f9260e07fc83f71877cbb7f4fad
- SHA1
  
  a245131af1a182de99bd74af9ff1fab17977a72f
- SHA256
  
  4209588362785b690d08d15cd982b8d1c62c348767ca19114234b21d5df74ddc
- SHA512
  
  a8e82dc4435ed938f090f43df953ddad9b0075f16218c09890c996299420162d64b1dbfbf613af37769ae796717eec78204dc786b757e8b1d13d423d4ee82e26
- SSDEEP
  
  192:8SEWBGgiJM4LN+xq56XdNcNz/NWdlJmlyOcROQ:8SEPgii9KTzyt
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  325b008aec81e5aaa57096f05d4212b5
- SHA1
  
  27a2d89747a20305b6518438eff5b9f57f7df5c3
- SHA256
  
  c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
- SHA512
  
  18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
- SSDEEP
  
  192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/SimpleFC.dll
- Size
  
  175KB
- MD5
  
  d38543fc9ae37d188a23e06ee11d3504
- SHA1
  
  174fe778f66db4a527fddf21b1c23e1bc1ceceeb
- SHA256
  
  72f33da081b8d579f437e7aa2ba8d9cb9602270b88093ff9411ac6316b52fc6e
- SHA512
  
  43d1874e5821d8e5530eaa34d42b76aa867528368779fadcfd2691825297accf04e94bd34867442a76c25d4729edefba9469de6500acfe6f665949f11878c54b
- SSDEEP
  
  3072:l2sd6EP05etg+rKTTmYjcnPMdsRrdU+/mbM/AuaNoNglzppVn5O4z6ULfLb6Cu:Us4zIg+rKTTmnhfAoSxZ5OVu/
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/md5dll.dll
- Size
  
  6KB
- MD5
  
  0745ff646f5af1f1cdd784c06f40fce9
- SHA1
  
  bf7eba06020d7154ce4e35f696bec6e6c966287f
- SHA256
  
  fbed2f1160469f42ce97c33ad558201b2b43e3020257f9b2259e3ce295317a70
- SHA512
  
  8d31627c719e788b5d0f5f34d4cb175989eaa35aa3335c98f2ba7902c8ae01b23de3ccb9c6eb95945f0b08ef74d456f9f22ca7539df303e1df3f6a7e67b358da
- SSDEEP
  
  96:GL2PcvGn5olZMTZxEp8agTsflVwn4GogZcko5N1ub:U2Pxn5UZMTZipyaw4ZkKP2
Score

7^/10

discovery upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  c10e04dd4ad4277d5adc951bb331c777
- SHA1
  
  b1e30808198a3ae6d6d1cca62df8893dc2a7ad43
- SHA256
  
  e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a
- SHA512
  
  853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e
- SSDEEP
  
  96:hBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4VndY7ndS27gA:h6n+0SAfRE+/8ZYxMdqn420
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  $TEMP/MyBabylonTB.exe
- Size
  
  864KB
- MD5
  
  5b27dcc4d16b61ae5796c557a25d2286
- SHA1
  
  7ae67f82caa203abd4af485c0580a36f46d400ca
- SHA256
  
  b9b4298c5cbcc201ce8a0cbfd5f4a20b4790aac13ad1ba01627b1c988b97bbf8
- SHA512
  
  4b3e6a32ec62abf784230993c8f52c5ff27bc780c22c1d61e34497ca7f48f1eb5319bf69194bee6be8c36fdee1727de4bb0fc0cbc406a24a8c9e731e1d83cdb2
- SSDEEP
  
  12288:b8HGZMEdI1Sw9HQ3e0ysQCWHQ8gjKQCxs4RnH1n6JZlPXG+fpxyIQGYt8BploQe6:jMEdI1j9HQ37Kw4RnwXNR+I9zsQCQ
Score

7^/10

discovery spyware stealer evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks whether UAC is enabled
  evasion trojan
behavioral15 behavioral16
- Target
  
  EasyDL.exe
- Size
  
  1.3MB
- MD5
  
  b84b263f110b1aafab4017e5c6b74d73
- SHA1
  
  53241c42e7c5c470813b059cdaa4191737e529cf
- SHA256
  
  03a44833b21c4dd1374b994440ca10f8602d791f575e506876e7b9ccc2ba1225
- SHA512
  
  9133766663e3ef6af97129cbee7992ec5aa93a27ffbba21b734742ea2481e2f8196527b4c636a6c4a92b8152eb52f714c82d8375be3af674de7b6e71373f2923
- SSDEEP
  
  24576:o/GnaXrsxMIW4vnkHBIdgsAOr1fWQOYwQH8lKk7YRAZ6:efIxv29sAOJWQOYwdQig
Score

7^/10

discovery upx vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral17 behavioral18
- Target
  
  EasyDownloads.exe
- Size
  
  830KB
- MD5
  
  9f58f4c65522b1e603f127a4fbfd9844
- SHA1
  
  02c4757f9dfcdc45fd57510292ab337d35a9650d
- SHA256
  
  7df55aea9f5ba0115355cad52792d593c737fc095996fb08a83d880d6097078f
- SHA512
  
  e94088a510a89513bf7cddc9df574ac168e30417c78a3e595e533addd51d45297f519168efca743ae25015564be389562955e512183d735b5b05ce157343b018
- SSDEEP
  
  12288:mwVaY0O1hLCautLaaEzYEYj1eJtdPiH23PhrrlVPhTde6z4+ljs5RtuVmEJXPM:mPYn3MLaLndqHOfVRdebyI0VmERE
Score

7^/10

discovery upx vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral19 behavioral20
- Target
  
  current-cloud.html
- Size
  
  3KB
- MD5
  
  72eb17b85245661caf4a3642822f535c
- SHA1
  
  462bf7e8178d473b3c0985eadfe200d69d6130ee
- SHA256
  
  3c89a98c2704c23c4363cc2955aa9049932f4ebe0234037716a5c0904165110a
- SHA512
  
  809f29de598f8610803a9e03a062ea0815718175c4cd8a7145ab5e7632c22f546012399d6a3f5f1ef525eacc17f4c779fd67e1ef30bc9dec0f654257d3c64f8d
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  htmlayout.dll
- Size
  
  921KB
- MD5
  
  41759604a2974702faf51eb045a20f0c
- SHA1
  
  b391049bde295b68298e0c9457ace97dcbca5b3c
- SHA256
  
  d128b74c6df97c2081fd6144aeb335195f785132bb51f281d66bd0431e6577f3
- SHA512
  
  e39fa7cc948a34e1061a6acdf8594500604616eb311daecfc75ae9263da2b904f770d8ebb5dc838724af0104ae562121490a52f1dc15895197a45f4366f4191c
- SSDEEP
  
  24576:HGkarx/Npo6VLBJLGMZyUN0N5DcFTfWlAVZj3AzHdE7qF:U2yNJLGwF0bYpWl6tydc
Score

5^/10

discovery upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral23 behavioral24

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

ACProtect 1.3x - 1.4x DLL software

Loads dropped DLL

UPX packed file

ACProtect 1.3x - 1.4x DLL software

UPX packed file

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Checks whether UAC is enabled

VMProtect packed file

UPX packed file

VMProtect packed file

UPX packed file

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24