Analysis
max time kernel: 101s
max time network: 17s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 21/10/2024, 08:42
Static task: static1

Behavioral tasks
Task          Sample                                              Resource
behavioral1   662d135b8fd1bce690264eec52cc5ea5_JaffaCakes118.exe  win7-20240903-en
behavioral2   662d135b8fd1bce690264eec52cc5ea5_JaffaCakes118.exe  win10v2004-20241007-en
behavioral3   $PLUGINSDIR/ConnectionTester.dll                    win7-20240903-en
behavioral4   $PLUGINSDIR/ConnectionTester.dll                    win10v2004-20241007-en
behavioral5   $PLUGINSDIR/InstallOptions.dll                      win7-20240708-en
behavioral6   $PLUGINSDIR/InstallOptions.dll                      win10v2004-20241007-en
behavioral7   $PLUGINSDIR/System.dll                              win7-20240903-en
behavioral8   $PLUGINSDIR/System.dll                              win10v2004-20241007-en
behavioral9   $PLUGINSDIR/y_toolbar.exe                           win7-20240708-en
behavioral10  $PLUGINSDIR/y_toolbar.exe                           win10v2004-20241007-en
behavioral11  content/ytoolbar/dialog.js                          win7-20240903-en
behavioral12  content/ytoolbar/dialog.js                          win10v2004-20241007-en
behavioral13  content/ytoolbar/feedFunctions.js                   win7-20241010-en
behavioral14  content/ytoolbar/feedFunctions.js                   win10v2004-20241007-en
behavioral15  content/ytoolbar/fileio.js                          win7-20240903-en
behavioral16  content/ytoolbar/fileio.js                          win10v2004-20241007-en
behavioral17  content/ytoolbar/globals.js                         win7-20240708-en
behavioral18  content/ytoolbar/globals.js                         win10v2004-20241007-en
behavioral19  content/ytoolbar/history.js                         win7-20240903-en
behavioral20  content/ytoolbar/history.js                         win10v2004-20241007-en
behavioral21  content/ytoolbar/i18n.js                            win7-20240903-en
behavioral22  content/ytoolbar/i18n.js                            win10v2004-20241007-en
behavioral23  content/ytoolbar/installerVariables.js              win7-20240903-en
behavioral24  content/ytoolbar/installerVariables.js              win10v2004-20241007-en
behavioral25  content/ytoolbar/network.js                         win7-20240903-en
behavioral26  content/ytoolbar/network.js                         win10v2004-20241007-en
behavioral27  content/ytoolbar/options.js                         win7-20240903-en
behavioral28  content/ytoolbar/options.js                         win10v2004-20241007-en
behavioral29  content/ytoolbar/setHomepage.js                     win7-20241010-en
behavioral30  content/ytoolbar/setHomepage.js                     win10v2004-20241007-en
behavioral31  content/ytoolbar/toolbarBuilder.js                  win7-20241010-en
behavioral32  content/ytoolbar/toolbarBuilder.js                  win10v2004-20241007-en
General
Target: $PLUGINSDIR/y_toolbar.exe
Size: 1.8MB
MD5: 6dce8e72c3b5a6f7196e5e481f713682
SHA1: 4ae7e92618eb20397c83bbd50adb5dc997dfbdcb
SHA256: e4c6adf760bd2eec05394bba71dc5ed5ada554ed8bde3494a34d25b3937eb319
SHA512: 6550fd8f61323babe648f2a4dde0123007e86e24f3a3fd8c92fba4f0526ccb7aaa7f5a14d27749c5113fafe15c47ee4f1774f173de3ea80e5c2fb06339b0590a
SSDEEP: 49152:BlsKLVTybPswErhM3yAW1loLQQL4szSkDzDsXWW/:hyw9rhMiAx8QLjXDsx
Malware Config
Signatures
Checks computer location settings (2 TTPs, 1 IoC)
Looks up country code configured in the registry, likely geofence.
Description: Key value queried
IoC: \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Control Panel\International\Geo\Nation
Process: y_toolbar.exe

Loads dropped DLL (17 IoCs)
PID 2908, y_toolbar.exe (all 17 DLL loads are attributed to this one process)

Reads user/profile data of web browsers (3 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).

System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Description: Key opened
IoC: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: y_toolbar.exe

Suspicious behavior: GetForegroundWindowSpam (1 IoC)
PID 2908, y_toolbar.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads