privateloader | adacc03ecf3c2a0196c96067db10114b80f7ca106ffdcd849f05bb859641d1dd

Sharing

Copy URL

Twitter E-mail

General

Target

ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118
Size

13.6MB
Sample

241129-czfvgavrcj
MD5

ae4fd4096015476a60ad0e1d78cfbc2c
SHA1

2ee69fc1742e66b741628b2aa08f3bbe380f9301
SHA256

adacc03ecf3c2a0196c96067db10114b80f7ca106ffdcd849f05bb859641d1dd
SHA512

d89c21b9e02b2b2b2308f79330c82156fb4f64ba740b9a7d1842f7eccafd235880306db37434730020256fab591679835df0f54f45232732cd4a403595877532
SSDEEP

393216:LOzFavOYTmDrLUqRRXFI/An39Kt9x3KwwV44qe7BihsJ:2Fa1mDUq3XFIq+xawe4Hjhw

Score

10^/10

Malware Config

Targets

- Target
  
  ae4fd4096015476a60ad0e1d78cfbc2c_JaffaCakes118
- Size
  
  13.6MB
- MD5
  
  ae4fd4096015476a60ad0e1d78cfbc2c
- SHA1
  
  2ee69fc1742e66b741628b2aa08f3bbe380f9301
- SHA256
  
  adacc03ecf3c2a0196c96067db10114b80f7ca106ffdcd849f05bb859641d1dd
- SHA512
  
  d89c21b9e02b2b2b2308f79330c82156fb4f64ba740b9a7d1842f7eccafd235880306db37434730020256fab591679835df0f54f45232732cd4a403595877532
- SSDEEP
  
  393216:LOzFavOYTmDrLUqRRXFI/An39Kt9x3KwwV44qe7BihsJ:2Fa1mDUq3XFIq+xawe4Hjhw
Score

7^/10

discovery upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Network Share Discovery
  Attempt to gather information on host network.
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/HwInfo.dll
- Size
  
  68KB
- MD5
  
  44e5c77cae3ae434d1e4e619bdb1c39b
- SHA1
  
  9988f020eac45207d148668227b6819a38bdafa0
- SHA256
  
  326c406116026019a41c94b2e6b4c1061154f3bc9a395638063dae349f8a7579
- SHA512
  
  c3e40499d1296bebd2b1a770d9cd1f025859963a0f6dff002eb336f069f057ac4b3d2f5819232af6d2802ba1a3770f62440136030eb37355fa6f5b6ee0bc0470
- SSDEEP
  
  1536:6hS3Hyjn0HlDPnqIGbTZpJFSWLWT+3QDIlqZG:6hSXyjAqZTlDQUlWG
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  9384f4007c492d4fa040924f31c00166
- SHA1
  
  aba37faef30d7c445584c688a0b5638f5db31c7b
- SHA256
  
  60a964095af1be79f6a99b22212fefe2d16f5a0afd7e707d14394e4143e3f4f5
- SHA512
  
  68f158887e24302673227adffc688fd3edabf097d7f5410f983e06c6b9c7344ca1d8a45c7fa05553adcc5987993df3a298763477168d4842e554c4eb93b9aaaf
- SSDEEP
  
  48:iV6pAvmNC6iMPUptxEZK65x/AmvycNSmwVsOYJyvrpXptp/JvR0Jlof5d2:2811GED5ZTvycNSmwVsTJuftpZR0Sd2
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/LockedList.dll
- Size
  
  15KB
- MD5
  
  c159258782ae42dd593e1dc23fd9a403
- SHA1
  
  7acc527c7fa826ae9bc316402d222dd6ed6dd2da
- SHA256
  
  32764f8901f0e953a0386331ece0a33706173de25a8cdf5752dcc5ccb425244e
- SHA512
  
  7b7184e23aa4451b0c24638c475d2ae093f488ed253fc677be186da5fb71b28475bc90337357dc18d85a41fc70e681926a294374aa7018d1df05e6248a77bba9
- SSDEEP
  
  192:bxsMEKSn5Nc10H3LzCxu+1t2N8U+JHhT10WLtHMQ3hwtd/e0OX0wO:bxsMxMku+T08US50atHqMJkwO
Score

5^/10

discovery upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/ShellLink.dll
- Size
  
  4KB
- MD5
  
  aad75be0bdd1f1bac758b521c9f1d022
- SHA1
  
  5d444b8432c8834f5b5cd29225101856cebb8ecf
- SHA256
  
  d1d1642f3e70386af125ec32f41734896427811770d617729d8d5ebdf18f8aa7
- SHA512
  
  4c6e155cdf62cc8b65f3d0699c73c9032accefaa0f51e8b9a5c2f340ec8c6f5fab0ea02aad0abed476b3537292ba22d898589812850968e105ac83680d2f87d0
- SSDEEP
  
  96:Lno1dF1kBjthIjDfCnke7+bzYz3Cl6nfkfLGO:LU+h8
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/newadvsplash.dll
- Size
  
  8KB
- MD5
  
  7ee14dff57fb6e6c644b318d16768f4c
- SHA1
  
  9a5d5b31ab56ab01e9b0bd76c51b8b4605a8ccce
- SHA256
  
  53377d0710f551182edbab4150935425948535d11b92bf08a1c2dcf989723bd7
- SHA512
  
  0565ff2bdbdf044c5f90bd45475d478b48cdbd5e19569976291b1bdd703e61355410c65f29f2c9213faf56251beb16d342c8625288dad6afc670717b9636d51f
- SSDEEP
  
  96:qD5UDaGxZH52QhtZafDP9BTS9nPg83UniV/zRzGEl1DMl1zN6LmeYt4dO:W5UDaGxZH5T0j+9nl3BzG0IZ6LqN
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  c10e04dd4ad4277d5adc951bb331c777
- SHA1
  
  b1e30808198a3ae6d6d1cca62df8893dc2a7ad43
- SHA256
  
  e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a
- SHA512
  
  853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e
- SSDEEP
  
  96:hBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4VndY7ndS27gA:h6n+0SAfRE+/8ZYxMdqn420
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  acc2b699edfea5bf5aae45aba3a41e96
- SHA1
  
  d2accf4d494e43ceb2cff69abe4dd17147d29cc2
- SHA256
  
  168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e
- SHA512
  
  e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe
- SSDEEP
  
  96:M7GUb+YNfwgcr8zyKwZ5S4JxN8BS0ef9/3VI9d0qqyVgNk32E:eKgfwgcr8zylsB49Ud0qJVgNX
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/nsProcess.dll
- Size
  
  4KB
- MD5
  
  faa7f034b38e729a983965c04cc70fc1
- SHA1
  
  df8bda55b498976ea47d25d8a77539b049dab55e
- SHA256
  
  579a034ff5ab9b732a318b1636c2902840f604e8e664f5b93c07a99253b3c9cf
- SHA512
  
  7868f9b437fcf829ad993ff57995f58836ad578458994361c72ae1bf1dfb74022f9f9e948b48afd3361ed3426c4f85b4bb0d595e38ee278fee5c4425c4491dbf
- SSDEEP
  
  48:iYXzAm8HGJLvwM8GJFd6I7W4JtT2bxNNAa4GsNf+CJ8aYqmtlKdgAtgma1QvtCSJ:lz2mJkpGR6GY74GQ1YqmstgGCtR
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  $PLUGINSDIR/textreplace.dll
- Size
  
  5KB
- MD5
  
  72d1177bad86f4df8eaee2a8afe50e6f
- SHA1
  
  c36019dfa2ff5c90c9da31c89dfcda08f93df68d
- SHA256
  
  c058f4439617bdb2019c90abd9920070a23f751b9349051d0744280cd5d9c5d7
- SHA512
  
  e0e764fcafa833f94ad2d5ae2a407f3e35bd27efa078625d5a2c9372ea28d7889c4b339e457d6fd7c3c90475b2d1603142a8c46a23f59b5784478860b06ee1b3
- SSDEEP
  
  96:RHbaG527tDIdcuPYyKV20sWt5yzASW3zRvDOfGq:RHba5JCcmgV20sqhZ2
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  $PLUGINSDIR/time.dll
- Size
  
  14KB
- MD5
  
  8676721a04a174016e5d3f3c554302f1
- SHA1
  
  5f230d048560e70bfcb05aace39ad349bc8ff0aa
- SHA256
  
  700cf2c2ae144ad688a33d2df320b415425749e1ee87b9ae61edcb42650a1390
- SHA512
  
  aa54460dbfe691ece82080df64af98eaf66374060bbf85d8e48e17ec0ab296489a9822c6e8020d5809481e90b1fec9f0558559a0f096ab0452502f7a404a2d0e
- SSDEEP
  
  192:FMGPLjEMXjEMY6X+o5lo2kCK2nKhgOezjEVLmupUH0YBMfVkKlm:FBvBz/Y6Pls2Khx7pm080Q
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  $SYSDIR/PotPlayerLauncher64.ocx
- Size
  
  741KB
- MD5
  
  aee473d4e6aadd78189570f6623e0c73
- SHA1
  
  f712acdd76dc49bed004c46669d4af1cab6edc19
- SHA256
  
  40c264a9a31fb85201dac2d15bf39abc9964d12301d456c9a3bd403cf2699553
- SHA512
  
  c985f053b2ac9bac9c00fba49c2e3d2cfdad80abcb586ad4e085afeb095b28ed4faf1745e33e4853cfd98cae49699f6f8fb4648ac1e2fb874b9ed47617966a2c
- SSDEEP
  
  12288:8arQUx11ywRIald7vMb+2ECkO/cjFEZTF7XsAVdMF:/dN5hv2ECkqwFETF7cgdMF
Score

7^/10

persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral25 behavioral26
- Target
  
  ATextOut64.dll
- Size
  
  866KB
- MD5
  
  0bdcfc02a5ef74c44a7fdfffa54ff380
- SHA1
  
  09080ec15b06e7c7945b298e2319e112c7b40fcf
- SHA256
  
  62afef9ca061e2329014f9c003a243244f295dad5e99ce828dd71d7fc3604468
- SHA512
  
  849b0878bf863d9cbe4cbc20bc21fa717fd4834fe02f91a95f5915b4867b59fd7743cb6d1a625551b1d8f3c4cf57e9438ec5c44eb23f95d61738fa95e7ab3bc7
- SSDEEP
  
  24576:/uMWzj53KeqGoUwpOYxgSGcBaYTXkzZ22PASbR:/uMWzj53KwoUwceBXn2PAaR
Score

1^/10
behavioral27 behavioral28
- Target
  
  DChat64.dll
- Size
  
  289KB
- MD5
  
  5b7c86306f1d0b546d1ec3564c13c14e
- SHA1
  
  557543cc2fc14f8b3ac4976e4f2c1f51a14e35ff
- SHA256
  
  0a8dcdd0f339a77ee2553dde332ed8e98fe413a3ff85a157de3f0a420d0b8236
- SHA512
  
  588fc1c431bdfeab56cc4c6d8a7230b133b2f225e1a4ebdaa9fb50c1f41f651d5e16c7373a83e9a420bc6bf4f24670062d5bcd3bd480d6dc286c0e3ef04d577a
- SSDEEP
  
  6144:Kf4w7Fj9bhkc0lZW8f2RwZkCL4Jy7n3GGueA:Kf4w7Yy8f2RwuCXD
Score

1^/10
behavioral29 behavioral30
- Target
  
  DTDrop64.exe
- Size
  
  126KB
- MD5
  
  e3531df2088a5f37e593e3c778e0436f
- SHA1
  
  cadc89b3d0658c55a41ee816b8080e9a81aee918
- SHA256
  
  3d2f4b40b95ea955491530b0e3d80116cd5337e66b130e65963d876c8399aa96
- SHA512
  
  a919a2b3fb4cff57aada54f9ed7d196c77eebfa692f6c02233f57049038ac70885f4981529633a0fb9766712e684787eaf5df0685fee2838f1f428c80f7562b3
- SSDEEP
  
  3072:BaxJARmmILaHvLaioY1ljGcM0+A65IuiQrTs:BarA56aWiv1ljXMhAHt
Score

7^/10

persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

ACProtect 1.3x - 1.4x DLL software

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Network Share Discovery

UPX packed file

UPX packed file

Event Triggered Execution: Component Object Model Hijacking

Event Triggered Execution: Component Object Model Hijacking

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32