23c33b706135139fee61b5f5ef13f2be736b6cc3fa71c3c47d6fa5a156f01014

Sharing

Copy URL

Twitter E-mail

General

Target

1311fc358a7ad819770c085092725d71_JaffaCakes118
Size

2.4MB
Sample

241004-m4w3csvarc
MD5

1311fc358a7ad819770c085092725d71
SHA1

39580a6af9e773e3b8802e8a42bd45a361330023
SHA256

23c33b706135139fee61b5f5ef13f2be736b6cc3fa71c3c47d6fa5a156f01014
SHA512

9bc5b3207537c46fc9ab0eab3b1a86e8ea07ddf449f7f8bac46c94c205d14d181e0df378d3999b37094c3d0c35926a1fa6fe60ca03393dcede9888f5128a8bb1
SSDEEP

49152:F4Q3SuUdcq1lWLQvcccJWvVqcgrLpMKDBHCQ12xaM8W81jpXFo45bSoZI6Aljicx:F4Q3Snd7LcTcvs1xMKdHCQSuWejpXFoB

Score

8^/10

Malware Config

Targets

- Target
  
  1311fc358a7ad819770c085092725d71_JaffaCakes118
- Size
  
  2.4MB
- MD5
  
  1311fc358a7ad819770c085092725d71
- SHA1
  
  39580a6af9e773e3b8802e8a42bd45a361330023
- SHA256
  
  23c33b706135139fee61b5f5ef13f2be736b6cc3fa71c3c47d6fa5a156f01014
- SHA512
  
  9bc5b3207537c46fc9ab0eab3b1a86e8ea07ddf449f7f8bac46c94c205d14d181e0df378d3999b37094c3d0c35926a1fa6fe60ca03393dcede9888f5128a8bb1
- SSDEEP
  
  49152:F4Q3SuUdcq1lWLQvcccJWvVqcgrLpMKDBHCQ12xaM8W81jpXFo45bSoZI6Aljicx:F4Q3Snd7LcTcvs1xMKdHCQSuWejpXFoB
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/NSISdl.dll
- Size
  
  18KB
- MD5
  
  02d7f5e5dd1512bee2343a21d9970eba
- SHA1
  
  382abcdc03c3a0990d4482427bff757a8c5b8796
- SHA256
  
  e203bd2042cc75d229cfa18d2862c4c90754b8de1361fd4b65aef808076f5a27
- SHA512
  
  681908f5c9075e5b18862ac3a52e07c8c1e0a7412c54ee6d5a765f72ab7d7d19e3b67fe9ef59279cfb0b77e042277e7b06a6bec788198977415407d520340706
- SSDEEP
  
  384:Hzdp+8vYqh+KhpR3+OftfWdrierxIwAWguQhxtzUl2x5fTz:HzdhvYqh+KNNVSierywAWTwOlYtTz
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/NSISpcre.dll
- Size
  
  133KB
- MD5
  
  414124231a0e8a71a820b2c39513c7d7
- SHA1
  
  8b08717c2c6305a327598f663b17cc5cd60eaefa
- SHA256
  
  1be9ee2ae3b05441f08987d4ffc4dd8219b020c4c44b6df023c3c259d1da305b
- SHA512
  
  eab202f56aafb1b4330621bbbdafafc55330ed35216e77c55e882d9057d11e4703eddb8815750ea7c80de7309b0bf12e5ef1a9eb7ddf7624b1b268170a50f2de
- SSDEEP
  
  3072:PzI/+0JxD+eXv2aVeKsVUM+3LO0RKks0b9596:Ly+0JxD+eXOaVeK8UM+CAW0b9q
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  959ea64598b9a3e494c00e8fa793be7e
- SHA1
  
  40f284a3b92c2f04b1038def79579d4b3d066ee0
- SHA256
  
  03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b
- SHA512
  
  5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64
- SSDEEP
  
  192:sRer7uivwq1XpKs4FVWSjMd8tIg2cREbyCsZ8q2R4Sy+Xe:s67Xws4FVWig86/5eCBqSy+Xe
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/inetc.dll
- Size
  
  58KB
- MD5
  
  34aafdcc9ba1a2acc6d6fe9ca347ac7b
- SHA1
  
  23a4f3ea483d8643d427b29ed92af8253c0d3e6b
- SHA256
  
  baf9f333f6276ed10cd1c29c619d1e9143e9b751c5a043d8212567333d0aa9cd
- SHA512
  
  1ded039235005fc6ea3bdbaac2e4d74892188e089d95ddca1486a1c83dba1b67eca72b3e1318adf3d8753a0f3fe805c6df46f9e6f1fef44bc1f469a93f6466f5
- SSDEEP
  
  768:oFTOjdPSKXRc/7SfH3qMnJQfhLNjhtajfYwnTED8ekOvnv8cUyWuZ:oAdqA+yHFJ6hrtWlIRv8cUy
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  f7b92b78f1a00a872c8a38f40afa7d65
- SHA1
  
  872522498f69ad49270190c74cf3af28862057f2
- SHA256
  
  2bee549b2816ba29f81c47778d9e299c3a364b81769e43d5255310c2bd146d6e
- SHA512
  
  3ad6afa6269b48f238b48cf09eeefdef03b58bab4e25282c8c2887b4509856cf5cbb0223fbb06c822fb745aeea000dd1eee878df46ad0ba7f2ef520a7a607f79
- SSDEEP
  
  192:y1zQhZDqlJcKISw99ioU3MSfwLF/+nhHUisdz:ozoZDGKYw9goWyFGBU7z
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/nsisXML.dll
- Size
  
  12KB
- MD5
  
  c5285d861243f3b41648af5c0ffd5678
- SHA1
  
  50012e20b898e2f1abad27a4bdca12033e618add
- SHA256
  
  35e54b12771f671bd8d9677369eb8216b54de0608a07a92ef17a4c29a841935f
- SHA512
  
  92c687319e989199e392a81bbd16c00a551c1df9fc3535e98b2da0604424b148a4c379578837aacfa4e204d494c0f0b0ed4f7638cbf7462bc937b4e198631350
- SSDEEP
  
  192:3/ufSdX+LHASTxwSODR2bzdA74gB0jpYEfb:3mfSEL9lwpRv50FXj
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  $TEMP/AwrAskToolbar/ApnIC.dll
- Size
  
  240KB
- MD5
  
  197215658b8015182192e1ebca3bbcc3
- SHA1
  
  40e49124ad0b55a25f947333ca88e9d0bc30a7e3
- SHA256
  
  08db125c09eb53cc28e7bc7c427b6c2217ff6134a122e6d65d1d24f70e875d9e
- SHA512
  
  5fe9d6c96c817bd64ea78ff511734e9e11e6ca13b4506b589156a801fa4fed568c37d958cfafb96ad86ee1229ceeb35165965cb776f3a74cafaedb1a946bbf79
- SSDEEP
  
  3072:fBLh8OUd9YLlA1kQYcNAJP1pXm0cns0teMqbPOxtmBO4S9vIyxUMUoQbl:fBLhm9YLlDQU1Nm0BPOxESvfHw
Score

8^/10

discovery spyware stealer
- Blocklisted process makes network request
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral15 behavioral16
- Target
  
  $TEMP/AwrAskToolbar/ApnStub.exe
- Size
  
  139KB
- MD5
  
  c36923084822c017f69396418a999d39
- SHA1
  
  fdc2005ced8acf86c68fe1b86b0698d0539e8ce0
- SHA256
  
  7a158fdeea8f7107be5ce40242546a503193aa1c278f74a4730871b8edd0ba76
- SHA512
  
  fb1106d4f4a138cad28a4282cb00c72688e03610be1d31a7cdd7b42b23e00e4f7ca9e731a7ab016d5920411707e165e3ee48164ef520112d8ac36fad85749c44
- SSDEEP
  
  3072:kchfXbup04LnomgmlgV5sUjbW/+lt5qqqqqqqqqqqqBYFpbO:BPbue4LP+V5f6U7qqqqqqqqqqqqH
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  $TEMP/AwrAskToolbar/ApnToolbarInstaller.exe
- Size
  
  2.4MB
- MD5
  
  91f6510715c46f2a9493fcb26e5cd1c3
- SHA1
  
  b8801d79c1448c0f288ec00e3a5001ea2517bdcd
- SHA256
  
  58bf546841f985db5ee9918a6a776fb7cc9e8b6119e04b194519ebec81d5f54c
- SHA512
  
  0e0516e676c08a0c703ef9f81f413d7e93e12307bca9465b4c3a74ec49219895299acc07d5273acff2e0dbbb4eab923b483a56d9e6a55a383dae24ca61a03373
- SSDEEP
  
  49152:liG4rxGYTbfkbVCs/2cex8CfdVY36EfrTzcZ8eVsV5gzuKo+4lcd9JvB/iq2Zk3:M5xjfjDYKEgZCV5g6Ko+qcd9ZB/iS3
Score

1^/10
behavioral19 behavioral20
- Target
  
  $TEMP/DefaultPackOffer.dll
- Size
  
  574KB
- MD5
  
  27bde90956cb180933dc47d7a4853e4a
- SHA1
  
  51a286b37b0c79ba991fda9956de6f46f38b49a7
- SHA256
  
  1ec5959f8bb72f4f306390048375126898eef52fa85a8f269fa612c901b343a7
- SHA512
  
  713bdd2692535501797a1315f1fbc9745940aa7cb3c92780e64f97a2f059255f39da1ad4f9208126c08099a0cb47ece48fcca644b0e239233622aa819970967e
- SSDEEP
  
  12288:+uoI6SDTJmUb9kxI6vXQuXiKQi8lnY36LKVN/gUw:+/I6SmUyxI6vguQzlY3lVN/Fw
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  $TEMP/gamebox_eula.rtf
- Size
  
  42KB
- MD5
  
  ae41d167bbfe87592dc8d5d05410c527
- SHA1
  
  3e177dd3c84fd023529f71b43e4a56abc46b66fe
- SHA256
  
  341894a0a9aa38f77548e63fdc6b8125307f158766b717212c4aa2c2c6ec62c0
- SHA512
  
  c049852c3f61499f77c81dba7e3da872032bf93e55c16e9c701f11e5cf6e209a55361000e0e430fc6c0cbfd91a6eb3d8c6f492eea2de678118f8841f1e29f884
- SSDEEP
  
  384:wdFkkOx+AivcOTYn/akdxj64BYbiV4+XZOXF4vyaQRsUZp7rIfGX9sg4i6rGsier:wdFkYAxj6W/4+XZOkQRxb7rIuO9qptk
Score

4^/10

discovery
behavioral23 behavioral24

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Blocklisted process makes network request

Reads user/profile data of web browsers

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24