bdfe98f0119ed4599cc809f34809e4aef89e36fed7edb2568ae7196e92bcbbb8 | Triage

Sharing

General

Target

3bf29fb9fad47ff2ed61e25e12147d40_JaffaCakes118
Size

577KB
Sample

241012-zhnv3svbqj
MD5

3bf29fb9fad47ff2ed61e25e12147d40
SHA1

a364008ad9ef88e40b1f6c3ab839c48ca9c0f09f
SHA256

bdfe98f0119ed4599cc809f34809e4aef89e36fed7edb2568ae7196e92bcbbb8
SHA512

baf94b81886fa85e479293ff65fa2497ee4af9c037c305af9ac569df38a469e55858ad1ff587088b0ca34d669674536ba600e86a3bd439d5598a6c417bbc5101
SSDEEP

12288:rkKDxrr4AoazLgIKAEoDVzMJEuhAw9ebyfT1:rTmARz/IoDVzego5

Score

7^/10

adware discovery execution stealer

Malware Config

Targets

- Target
  
  3bf29fb9fad47ff2ed61e25e12147d40_JaffaCakes118
- Size
  
  577KB
- MD5
  
  3bf29fb9fad47ff2ed61e25e12147d40
- SHA1
  
  a364008ad9ef88e40b1f6c3ab839c48ca9c0f09f
- SHA256
  
  bdfe98f0119ed4599cc809f34809e4aef89e36fed7edb2568ae7196e92bcbbb8
- SHA512
  
  baf94b81886fa85e479293ff65fa2497ee4af9c037c305af9ac569df38a469e55858ad1ff587088b0ca34d669674536ba600e86a3bd439d5598a6c417bbc5101
- SSDEEP
  
  12288:rkKDxrr4AoazLgIKAEoDVzMJEuhAw9ebyfT1:rTmARz/IoDVzego5
Score

7^/10

discovery
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  0dc0cc7a6d9db685bf05a7e5f3ea4781
- SHA1
  
  5d8b6268eeec9d8d904bc9d988a4b588b392213f
- SHA256
  
  8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c
- SHA512
  
  814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0
- SSDEEP
  
  192:n6d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jPK72dwF7dBEnbok:n6UdHXcIiY535zBt2jP+BEnbo
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/nsHelper.dll
- Size
  
  141KB
- MD5
  
  e609ae9a6fb19e0927f5cccf5918429a
- SHA1
  
  b3a9e17579b6b551479ac46048631aea78e55733
- SHA256
  
  3e500a56839eca950422e7a7a871b2adb8024fbcd5ecf611bf7ed299ce96ff19
- SHA512
  
  9e7306fb506ce8acf3a23b8e797b6a1baeae31d2513395395109f0b5fe6f6d2fcc83ce77bd6bb78d647c998a99eba8c6a6b5f6168a69b4c29a9a74196a5b9a08
- SSDEEP
  
  3072:ICp7AaalDTrAHFcQPpm95sPRcfF4c9jlE:t7LaRYHi0pmT6cP
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/nsProcess.dll
- Size
  
  4KB
- MD5
  
  faa7f034b38e729a983965c04cc70fc1
- SHA1
  
  df8bda55b498976ea47d25d8a77539b049dab55e
- SHA256
  
  579a034ff5ab9b732a318b1636c2902840f604e8e664f5b93c07a99253b3c9cf
- SHA512
  
  7868f9b437fcf829ad993ff57995f58836ad578458994361c72ae1bf1dfb74022f9f9e948b48afd3361ed3426c4f85b4bb0d595e38ee278fee5c4425c4491dbf
- SSDEEP
  
  48:iYXzAm8HGJLvwM8GJFd6I7W4JtT2bxNNAa4GsNf+CJ8aYqmtlKdgAtgma1QvtCSJ:lz2mJkpGR6GY74GQ1YqmstgGCtR
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  bk.html
- Size
  
  92B
- MD5
  
  db5f8d6e88e16fd830323de23bcd3909
- SHA1
  
  6dcd68de015a9109ff8e65b7bc9b07bad0fce76d
- SHA256
  
  7113593894cb166516f81065a7ed6585f06196ac43dada0edcc9c845f65648b4
- SHA512
  
  1d9c5b0d8e7327a9a1b63cb4576cfd18ee7bcd87f6b206865a328954b0dccb408b246330d45b6e459f9faaf06bbace42e3f5c4c347ca5335f9dcb9c9aa607f5e
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  bk.js
- Size
  
  1KB
- MD5
  
  66145a9f3480b1a08802756d5aa51b50
- SHA1
  
  944fb334cdc302c68d63702ce17a5363d9537365
- SHA256
  
  8ff400ff7aa9f96b125549e6b186a5132752fc790b67cc6eef5600950566adc3
- SHA512
  
  48b3f041226e1721e4cc9878d4e8b84c159d36b06408e457dde7c0eec4bf0e948da10cce24d50062005e90272b4aba44a8ca1d0c1af9f14de73fd2ee2f634531
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  cs.js
- Size
  
  2KB
- MD5
  
  27af89014329c95f5fb25f9750f9b9b1
- SHA1
  
  f2b1be83db242af1d554900909fc0e5e1ca03357
- SHA256
  
  00978059159a8c65a9ae0ac74b3668e61068464b4bc15461f446bdde7d80d964
- SHA512
  
  95f81b9b1021a3825dceb938773db46c53453342cc7dc13c8f76f0c483c85292cd41d797267fb5240655300352b5dfd0700ef5749d7c1df28674cf113a623dab
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  128.dll
- Size
  
  134KB
- MD5
  
  33af4767f8982e95225a99120b58fe44
- SHA1
  
  eb94d3c0922dd6703a3a7402a5ae0786b5b81a25
- SHA256
  
  04222f438471387b86d023a5b54a8fe8acf9747b2aba4e4d48ef1e630c9c5bc4
- SHA512
  
  8acaed76953138749184dd44e31603840ece6a20a0ce29ef24d84d1e7acf617e694f550b0ab6fe1963ba525d6c17306707b06ebcd68b6638146cf3ece2d4731d
- SSDEEP
  
  3072:Px1d2Qq7rEvOMb/4Hk8045lf5UmsUxGakYuw2NQ/val:tPZYHklYJ5eUpuIvS
Score

6^/10

adware discovery stealer
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral15 behavioral16
- Target
  
  chrome/content/main.js
- Size
  
  5KB
- MD5
  
  2634d4403968115ad7a6d075c3418a3c
- SHA1
  
  080c18fb9271509d8c02fb13293f148986eb1f69
- SHA256
  
  bb2c233120cf9f03fb90a6c17bd6b9b141a5c6cdd8dcb47fddf7f997dc228402
- SHA512
  
  16f22edb03629a651971cc22f79588c867c0b96618a704e3723fb7f574593667d0a2d8e7bbb2c8d95fdb51a9c61346a1af1cb936adfab2245540731ef0ea2977
- SSDEEP
  
  96:EgzxvaruhR4uBW0s4MYHMkFEkyuO0iZGWXKlqLFK4:EgLR9Ns4MYHMkFEkyuO0iZGWalqH
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  Uninstall.exe
- Size
  
  143KB
- MD5
  
  34793435bb4e5609b4d4d15e6a3dd402
- SHA1
  
  005392f43a59411bc1f728e167ec8da81472ba38
- SHA256
  
  eb4e94575ebfcfa3ec583982ea4793fbb5b70da581c3e1b15d6a5cf37df0df07
- SHA512
  
  175866c87f5d2ed8288a68f702a5a0e6eb2c9c689751fb0c62be77247be4e4f54b2433797a4956943fa30321ff45c8de582eb0389a8796d2d566b494b8353b95
- SSDEEP
  
  3072:rQIURTXJ1GGbrAU6bcN/dOYNAlpxhbiO0V1Zvu0Ij9OKG:rseLU6oNFOYNmPhP0Zvu7j9BG
Score

7^/10

discovery
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral19 behavioral20
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  0dc0cc7a6d9db685bf05a7e5f3ea4781
- SHA1
  
  5d8b6268eeec9d8d904bc9d988a4b588b392213f
- SHA256
  
  8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c
- SHA512
  
  814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0
- SSDEEP
  
  192:n6d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jPK72dwF7dBEnbok:n6UdHXcIiY535zBt2jP+BEnbo
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  $PLUGINSDIR/nsHelper.dll
- Size
  
  141KB
- MD5
  
  e609ae9a6fb19e0927f5cccf5918429a
- SHA1
  
  b3a9e17579b6b551479ac46048631aea78e55733
- SHA256
  
  3e500a56839eca950422e7a7a871b2adb8024fbcd5ecf611bf7ed299ce96ff19
- SHA512
  
  9e7306fb506ce8acf3a23b8e797b6a1baeae31d2513395395109f0b5fe6f6d2fcc83ce77bd6bb78d647c998a99eba8c6a6b5f6168a69b4c29a9a74196a5b9a08
- SSDEEP
  
  3072:ICp7AaalDTrAHFcQPpm95sPRcfF4c9jlE:t7LaRYHi0pmT6cP
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  $PLUGINSDIR/nsProcess.dll
- Size
  
  4KB
- MD5
  
  faa7f034b38e729a983965c04cc70fc1
- SHA1
  
  df8bda55b498976ea47d25d8a77539b049dab55e
- SHA256
  
  579a034ff5ab9b732a318b1636c2902840f604e8e664f5b93c07a99253b3c9cf
- SHA512
  
  7868f9b437fcf829ad993ff57995f58836ad578458994361c72ae1bf1dfb74022f9f9e948b48afd3361ed3426c4f85b4bb0d595e38ee278fee5c4425c4491dbf
- SSDEEP
  
  48:iYXzAm8HGJLvwM8GJFd6I7W4JtT2bxNNAa4GsNf+CJ8aYqmtlKdgAtgma1QvtCSJ:lz2mJkpGR6GY74GQ1YqmstgGCtR
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  alUpdater.exe
- Size
  
  207KB
- MD5
  
  fa47c2abb945f9bdded7bf60116d8bab
- SHA1
  
  622e7b525606232a6445581360b8e6091cc500b1
- SHA256
  
  7dd004e18baed67e4de1fbcea0cee33851049891cd80f0dd12377ab1bf102674
- SHA512
  
  090b0087a27479c1e3b623484e6c78d3fc44c16000316e54cf6cad4280b497af2b62c8858862c68c5106c0132b6672f598f75cd2b5b83e1c1a7366f8dc469f7a
- SSDEEP
  
  3072:5a/+8GSr8zqaG2lj1xNIQfthl9I6jjVjSnYbZwilXfR:59SrimE14SthlmIgYbZ1p
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  sqlite3.dll
- Size
  
  598KB
- MD5
  
  5b2776a1be63c678b4d5b8a8eab9ddb5
- SHA1
  
  f162282015d4d0ca3387f867792f0f500d40ea00
- SHA256
  
  335d1d8af51cd40bd040fa6d9ef8be3389a4fba9fc7bc3ba1585a02764b7df83
- SHA512
  
  6e11613ca00b763d21955066c2e7a345f0d66e5da06ac78e435bb71e4dbf723d9f887cbe30d68654e1f87ae7b4b1ad3688d793f15aef0c83fba5b61e2d624bfe
- SSDEEP
  
  12288:UkpE5ya69FHmaJfBEzIZ5izh/6Hw2P48wWGIVZiVQAvKzKPTDXdV:UQsP6vmaJfBEIZa67sWGIVZiVQ6LDXdV
Score

3^/10

discovery
behavioral29 behavioral30

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

adwarediscoverystealer

behavioral16

adwarediscoverystealer

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30