e61ca564f33aead20096d4243f59e79339c44bc3ee26e02d51ac65d01e9eeb67

Sharing

Copy URL

Twitter E-mail

General

Target

b0f77e7f5fa8199b9be31859b552b646_JaffaCakes118
Size

1.8MB
Sample

241129-npx7jsxqhp
MD5

b0f77e7f5fa8199b9be31859b552b646
SHA1

09b8fe4c1e26882c62f757faa34f3df15e179b94
SHA256

e61ca564f33aead20096d4243f59e79339c44bc3ee26e02d51ac65d01e9eeb67
SHA512

fd174dc53ffb52231c2dd3f3f1698a4de70be8950292ab5217db3faa839c67f7fb369227deb2e5f29079e4debcb630a5e5cb4f4c978d98e2d42131aef302d46b
SSDEEP

49152:x4fr4mcpPl1VQIsUnAuueRSxNmg2Ovv5qLQT15lSOy:Wr4mcpV3nAuvSxjnkO15lSOy

Score

7^/10

Malware Config

Targets

- Target
  
  b0f77e7f5fa8199b9be31859b552b646_JaffaCakes118
- Size
  
  1.8MB
- MD5
  
  b0f77e7f5fa8199b9be31859b552b646
- SHA1
  
  09b8fe4c1e26882c62f757faa34f3df15e179b94
- SHA256
  
  e61ca564f33aead20096d4243f59e79339c44bc3ee26e02d51ac65d01e9eeb67
- SHA512
  
  fd174dc53ffb52231c2dd3f3f1698a4de70be8950292ab5217db3faa839c67f7fb369227deb2e5f29079e4debcb630a5e5cb4f4c978d98e2d42131aef302d46b
- SSDEEP
  
  49152:x4fr4mcpPl1VQIsUnAuueRSxNmg2Ovv5qLQT15lSOy:Wr4mcpV3nAuvSxjnkO15lSOy
Score

7^/10

bootkit discovery persistence spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  GemsContextHelper.exe
- Size
  
  1.4MB
- MD5
  
  a54a5308b3dadeacb763a31d8b8863f7
- SHA1
  
  1282aa88ffebcbfcee4c16c811663de357e5d31a
- SHA256
  
  715b7b50c67bbe46b4822a33c9a05434683acd68cfb09ba3ff983ba7eeb429e1
- SHA512
  
  dd1da20ef211896d0ff5353818758474a0f667e79906f9d9e21baccbdc39193cfc223e3cc2db87298ef70b7cd81d7571365de0ca43785fefd189626076a9559a
- SSDEEP
  
  24576:WoL20mfkD7X9+gTC4mQeXcpPau71VQsy+s8/ztRAkTHOeuU64SxNmg2XbKSiv5KJ:B4fr4mcpPl1VQIsUnAuueRSxNmg2Ovva
Score

7^/10

bootkit discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  conadvanced.exe
- Size
  
  565KB
- MD5
  
  14064cd74d1ed190b9fa3297f451e075
- SHA1
  
  934250252fbac0e1d02b2779133b2106da3044d6
- SHA256
  
  989ac400a67c137c057bf70b5f6b8547d181cbc628b615b41bb7839a23989e40
- SHA512
  
  c434070f84244d7e4e57ee9a75f60a442a3b209c09711c224f218e808b05779225b677798322f4ea2db507678efcbd0c58a1fd69bc954c6efd1dd952e4452254
- SSDEEP
  
  12288:mEGFU2ob3YmptYPGahkQ4DQFu/U3buRKlemZ9DnGAekj51LT5nTf7:ViaXFAjP5f
Score

6^/10

bootkit discovery persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral10 behavioral9
- Target
  
  contextfr.exe
- Size
  
  538KB
- MD5
  
  9db988516c3a6c86c6f27b99d44837ae
- SHA1
  
  03343b2f88b8b97978b9c9359faa1ef5f50ccbda
- SHA256
  
  84b58dd6b9543cb763392fafc8d4fae70cfa477a8a703d7f531149789db7b781
- SHA512
  
  8e474fc9caedb1773ad6311f47a8a949da059bcfb9cbf2b24e5414acadbbce822e97180a44177d286fa4a22fa2c1612437ad2ea4df1e0775f6fc2b25e49d5428
- SSDEEP
  
  12288:UJbo0QRhBa2TzWWWhvSj4nP4DQFu/U3buRKlemZ9DnGAepl9L3b6wGy8:4o0QhWM2wlB3b6wGj
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  contextnav.exe
- Size
  
  552KB
- MD5
  
  91abcdf13c9f48de5cc5a746085af795
- SHA1
  
  e891fe82652810eab138161ed6c2f58a6b659068
- SHA256
  
  e68abab435d8a03c4fb3f90ab80ab9378a89049d66a7ead124f511a1d97bb6a5
- SHA512
  
  b9a34f06247a8724eaea26400f3bb1a55f6f2fb7d6c56f025f127fa8894b191e15076f13f0d0a8fded2b0a9d445170675b78b9af2e28a9fc2c3d5101bc564804
- SSDEEP
  
  6144:OMDr/dxR33bkL7Hy1MxCtQvR27jjbXnaRc4sTKXZsnla5Ry72uP:OMD5/gLExQs7j6aTwZ4hPP
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  contextprod.exe
- Size
  
  565KB
- MD5
  
  94e7f1da370ab9d520ae0d294f08bb62
- SHA1
  
  c9e07cb9d31bb1d3313b928865b85dd4797ec898
- SHA256
  
  2e5a60de65e929cbadbfb9d72d4804fb7d605060cdf8636a53b8808b389292d9
- SHA512
  
  c9f0243c697ec1067af99db55478489d471b631d0969cb1efb7c1099456b2ce1798af4b5428b844f3750ad2553e9005cfc793fc21ea9baf9ff9bdbf01d710858
- SSDEEP
  
  12288:5mGFU2ob3YmptYPGahkQ4DQFu/U3buRKlemZ9DnGAekj53KlaJZ:IiaXFAjIu
Score

6^/10

bootkit discovery persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral15 behavioral16
- Target
  
  libwindoc.exe
- Size
  
  364KB
- MD5
  
  5a01e91c443f25d76423997f7bdb247b
- SHA1
  
  a6e880346a6429bf86b3b2cdbbfbf985e09fb992
- SHA256
  
  40def9f54edf4648b46f188566d3a722316975fa8203ae8f51954b8ebc1ac6c5
- SHA512
  
  c7a1b80d97e7773f4d16825b20b0bbce810070485d4ee3c7fc6a9a945c0e9e6c94e7663aa27cbc55bb61b96edc7b797f63bb7e2770a1b178c0ab079463501a03
- SSDEEP
  
  6144:W9WZBxh9O5Ry72Uu0fvO4tiqhz4d7V/27R+HGhTx0Q5ku2UBPPLJ:SWZ/13bfvOSz42N+HGhTX5Z2cPLJ
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  notifications.exe
- Size
  
  397KB
- MD5
  
  85b83f61411a86c76c07def2226bca96
- SHA1
  
  63f85b0c950e63d5b41bd5a73e9d22457f2144ab
- SHA256
  
  cf547ece3471c2f7f435168a37f9102e0df12aaf883070413cefe1b2350834fd
- SHA512
  
  3ef2d2807a6b0daf76444185f04d5130d287541f12cc477b6b59e091f3494f7e488089f716f86e5cf2c5baccc9af345ff9d2ecf86e45247fd6ded9284d4ef77b
- SSDEEP
  
  12288:zaShqVxubHyBvo3zxQUl7fUE9Flme2OMCj0JoGBSWim:zvqVxubHyBvo3zxHvM5Cj0JPSU
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  rscnet.exe
- Size
  
  318KB
- MD5
  
  8888e2ce85d30f89fe91adcc72100994
- SHA1
  
  97494d303750de4a0262bd63d3b0dc25918d18f1
- SHA256
  
  937a8d0f6763b80d627ee3a23dbba58ddb85310297a2b9ad44ffc8505b4c8627
- SHA512
  
  f74411ff5c49fde719d8c12138fff614706f8b830009133fc89ebcfb96e5a891cfe97d5ff9ea621702e930ac13b83c5cdbd62f6f3df36986e9959e6476ae1b88
- SSDEEP
  
  6144:XPQEjXMtFLmYn+5ckS5Tft19tq8aTAHyt0qAQsmPrOzP6XT:IEjX+FZ+unT1yTniQFPtXT
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  GemsHome.exe
- Size
  
  451KB
- MD5
  
  87c52216d5c9b3c4906454e3566d07ba
- SHA1
  
  249c240ce95493e16e38b62d80e10c1449a1ed03
- SHA256
  
  9c01e09431217cb13236c0703e84fb70a3be93f876ae16c3206bf06c70d15d42
- SHA512
  
  81eecd5400fd8b87451bc36b80e2f2ef7de5923f8d4ee619f67f53bcbdb5a9c9e37e0049bb7f3ce25f2f298b8608d53d1c445983b19bf45a02b32cd03c0db56a
- SSDEEP
  
  12288:1K2mhAMJ/cPl5iiK/Aqmd61Nw4Pc5ZYRQbEhMc1EY/sAB2R8PW:U2O/Gl5hKyd61Nw4PcPYZucBk8PW
Score

7^/10

discovery persistence spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral23 behavioral24