71bdc986994ff0ac066342f524ec84e994ad9240bf80f97759d102e31fbf660a

Sharing

Copy URL

Twitter E-mail

General

Target

113f59a116435802d085bf18bac06953_JaffaCakes118
Size

1.5MB
Sample

241004-bqnchszhrg
MD5

113f59a116435802d085bf18bac06953
SHA1

6eedf6a256d8d55e8e6873c301f8f730de11422c
SHA256

71bdc986994ff0ac066342f524ec84e994ad9240bf80f97759d102e31fbf660a
SHA512

6b45271fc43332062a8f96d721ec3e54f89008c96266f8df32f7590d2b83dfcef7bb3270fc8851221c5b3e3e6b4fd2f2c42d7ad4a1267c470da0d209d1b4279a
SSDEEP

49152:cnt7/imwzkPs8aUmayETXRBWPRhSwn1dxL2Ve:cndPsXUlyETBBWPbr1dl

Score

7^/10

Malware Config

Targets

- Target
  
  113f59a116435802d085bf18bac06953_JaffaCakes118
- Size
  
  1.5MB
- MD5
  
  113f59a116435802d085bf18bac06953
- SHA1
  
  6eedf6a256d8d55e8e6873c301f8f730de11422c
- SHA256
  
  71bdc986994ff0ac066342f524ec84e994ad9240bf80f97759d102e31fbf660a
- SHA512
  
  6b45271fc43332062a8f96d721ec3e54f89008c96266f8df32f7590d2b83dfcef7bb3270fc8851221c5b3e3e6b4fd2f2c42d7ad4a1267c470da0d209d1b4279a
- SSDEEP
  
  49152:cnt7/imwzkPs8aUmayETXRBWPRhSwn1dxL2Ve:cndPsXUlyETBBWPbr1dl
Score

7^/10

adware discovery persistence stealer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2
- Target
  
  Launch.exe
- Size
  
  149KB
- MD5
  
  987ff0f9aa813dcef7379a288762a3ba
- SHA1
  
  1fbc51fab095fbfeaa70987ba8d6720672af7bcf
- SHA256
  
  f9d307793ae540de348a0ca87c77536d4074a998abc1842f33d9797ba58ee52b
- SHA512
  
  f3d263ce13e171697f1b8c595e5f1323c4be3151708749ab6ec68f6eb6a61c0ab66e89b5d47464784776f66f6390d70cc22a52e3aa4b6e3c8191d94a7a767820
- SSDEEP
  
  1536:XmY5gAZTVwuhEVPcy0KoKH0Z1gjXhT4SBULZuzYfHwYQSZz+mUVG0M5kNC:2Y5gWTVwuCPc+oKtjiXAnSZz7W/M5kNC
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  MenuOrange.dll
- Size
  
  299KB
- MD5
  
  b5a18af1d832237fff838778d9437465
- SHA1
  
  bb39cea2463749871ae5414cdaa32431245e38c2
- SHA256
  
  cb85eddcb8935d98b8723de463e76ec3221f20ae50abc5957d16ad3dbc0a3b4d
- SHA512
  
  28d1d57ee7157c9c1925bae08232d9d6a4715c7f7e6248cda995e54c2d6d2aa18e656ab42ae4596160fff6b1d94a83e7784c0cff50ad42836322544e69dce18f
- SSDEEP
  
  6144:bv4FRiQYb3h68E0B2UN9bV7CHNDd/OHHEF8Aez:joyh690B2UN9bV7CHNDsHHEMz
Score

6^/10

adware discovery stealer
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral5 behavioral6
- Target
  
  OIExt.dll
- Size
  
  186KB
- MD5
  
  d597ec30e646421e6b1ec132de37b0a5
- SHA1
  
  72533f25c5adfe0cf0f73d928b7915c3fe9c46c9
- SHA256
  
  2cc91f9eb2946b2d19414ce4901668f25af5404eee717e50b179997dc80ab5b5
- SHA512
  
  332740d2c295e665f67f7f79cbe2130f1b473dadf8a522b2a3e46d1fd1585cd6f9fb35fcb9a13ce542eb7df14694716d5b22f16230d3ae3d97336fb0934a8a28
- SSDEEP
  
  3072:22G0wVsWsKpnZiOoOiTcU+O3j2iw+Lpk5r6Clk:2vJMTfwcv5
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  OrangeInside.exe
- Size
  
  838KB
- MD5
  
  40d0ee34ee4cbdea7e211c321986a13b
- SHA1
  
  11d119b8f55726d31214c9258e5eb80c40a3a915
- SHA256
  
  56371bc125d0d9e8dc8195c5c552a3e6f725a12a9cb4af7b951ae19c63cb3c43
- SHA512
  
  96a8fad96d92b6b366dd22020d5910e3f66e3a311ba2eaae3dac2e8f00e7e8373b17b38df27d0218e6018a22b741b0e91c75db1e89bb34e72211bb31b4dd3d27
- SSDEEP
  
  24576:LoZ4xKYtNzAJLh7gydG9fLQ+WxU///////////i///////////////7///////Ws:EZqbZAPdezNDs
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  OrangeInstaller.dll
- Size
  
  143KB
- MD5
  
  1e603efc6bbb227e5efd43981af73816
- SHA1
  
  648ef190c37023c21ffa1cb2723daacdcd7e96e9
- SHA256
  
  1ddf35c9ce7fb72fa8a96d9e1190d8c29bc1b7b6033b92849b5a0eb659d0fa86
- SHA512
  
  7754faf67acce8f13097ce794a9486ec163c30ed9ddf608a052eea6b6d7351591cfa68cbe4b8fcd82e9c0ed35cdf96a3da7929389b03cd869f7a1016787cd724
- SSDEEP
  
  3072:fXzVFRgFcfMONoVNh23f1txy35uBI93R2Zx7poX0A3D64S:/zLRgFUMOgNh23k3NX0AT64S
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  OrangeInstaller.ocx
- Size
  
  192KB
- MD5
  
  90078076d5ce23896f80c42c3e9d536b
- SHA1
  
  797c35967025bcf3cd09df04c52dd5c96033a389
- SHA256
  
  4bc596af7fd5d8e777a86ed67373a576e44edf8fb90b146ac1fc30b48e54795b
- SHA512
  
  eddce05ac59a7c0b12d829e237692bdd49f6a9882338911d2faad647b462e7ff3cad2ea2650e4f23f9f9ceb9d03a0cd248deb5a333f35ab38d363b37b875f8ba
- SSDEEP
  
  3072:aTegv9M3n3biLK0zk8sIjjwiWxFEoDgkiXqZsVR3:dY9M329Pjwc6QX3
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  Uninstall.exe
- Size
  
  197KB
- MD5
  
  22c4877113aafa79d07bf7d7eaea29ac
- SHA1
  
  2a0157b7d866a85829a89378868f13672a2098f6
- SHA256
  
  59588cd27428f32d3ed3a09364e15923bd11753367dd63ea3b82bb4b624ca81c
- SHA512
  
  da36296f5f2d6b56679cdba92e0db09b14ad0924876efa764036db48047f5449881e094af6e88d72d13e91396a8715aa6c59dc19729dfca9639b7186e054aa12
- SSDEEP
  
  3072:qJQpBhxdE8Tekid+PcDI7UYps5Y+2dVw1hh3HyYGpjpoMx5kske:qJ1srGY5dy1hhcPZ0e
Score

7^/10

discovery spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral15 behavioral16
- Target
  
  english.dll
- Size
  
  130KB
- MD5
  
  ea003b02904b3c61b52bcc037e166f71
- SHA1
  
  effc5906a51aa2e2a569f111af1ccae289727c64
- SHA256
  
  1570ffd79d5d274dee81d12d55f0307c8ad2be261d59e7a9975f7f254494dacf
- SHA512
  
  a8ec001870d837bb06593b0c8807786d9549a430f0cf029101b7e8cfec05002a4295dded9593f166319287aba7598d21bc4392f93219ac9eb68baa7f3b1fa740
- SSDEEP
  
  3072:x///////////i///////////////7///////E6c4Ea4si:x///////////i///////////////7//9
Score

1^/10
behavioral17 behavioral18
- Target
  
  french.dll
- Size
  
  191KB
- MD5
  
  cc0f4539314c7d66c6092daf7b567bcc
- SHA1
  
  2325374c51c311156eafb4be397223313c956202
- SHA256
  
  133b9b0c15c0168c5b1ec4b69890a56d10296b436b9726c9dfb7ff49c8b390f3
- SHA512
  
  86b183e09aa95e0bc224de5af86e6514c74d0368348a31b8989e2199574018bf15999eacc9f6a7a3013754f54231d3b9046edf324b11101f87d57d4aac4727c1
- SSDEEP
  
  3072:w///////////i///////////////7///////ES4Ea4sx:w///////////i///////////////7//W
Score

1^/10
behavioral19 behavioral20
- Target
  
  libcurld.dll
- Size
  
  424KB
- MD5
  
  3897f074eecec053c828ae72f47066cb
- SHA1
  
  ecc4c35bf73464e0f8c6ead599535cb6f1ff03c6
- SHA256
  
  98ae208fae21fa39cce9577fa3bad2883f9fd4c72ef570be500ec9ff24d4a2d3
- SHA512
  
  848009801b7bb4bff39206a6ae15ea3fba05113682497c921b03c4f560ff57b53165f0ed1bee034adf2f379f6f7a201960b97991c1fb32ef0bcffb25f90710a8
- SSDEEP
  
  12288:YM0gY2MdCJ+9FfXF46ApgSucM02F/ZsGGA9vZiMCbsi:3XJ+BvstA9vZiMCI
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  content/orangeinside.js
- Size
  
  4KB
- MD5
  
  0be1057cb0ac044620e9303c1d150f9c
- SHA1
  
  9a04bf562884560016275085e97765d9bdc9b64b
- SHA256
  
  ee12a8760ec28371ca9b730b6ef2adbac89f0b967079c1ab408ca147630c1f5f
- SHA512
  
  1d70c3511d3fb73845b4804e4627dfee34ee43601745c81e3ad0c4cc7f076565f0e9e1cda541f72c2e7d67a13071a930852664b1b4ce069d1e5d95c93f12b77c
- SSDEEP
  
  96:7+eU7xvkyhPAj5o3lXDynF4ia/rKY6BB1:7W7xLYj5o3lXDyFB+c71
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  uninstall_NSIS.exe
- Size
  
  193KB
- MD5
  
  ef5d5d2f7561199d6f3180412f8142f2
- SHA1
  
  66a53ed6629d7179c45464584de70ef81f82aed0
- SHA256
  
  1dc870fba5f9309088728c68127fa8d208841078db9aec53ce36e019bc353bfa
- SHA512
  
  189afa172b9e7c42bf304a62954afe0966a0d465f8c7a691ec142ccd82f71249bc1f06864acd919bfd54416497da1e1c90075301443d9e1b25b5b2c43dd01e72
- SSDEEP
  
  3072:SFOMGpkQnjShPcYxubY5oGBpiYZcDTUYuvlmjx5PEV:P72uUpiYO6Nmj7EV
Score

3^/10

discovery
behavioral25 behavioral26