General

  • Target

    JaffaCakes118_c7fcd71ef84db6d5f278a831c6f3ba64

  • Size

    1.1MB

  • Sample

    250119-pty53sxnes

  • MD5

    c7fcd71ef84db6d5f278a831c6f3ba64

  • SHA1

    2fa6abc368304a204f053f0bcd16eb60688c5b2b

  • SHA256

    19ac07de229d194035359bf19b60ffe406e48631899b54a91e4401e40148d258

  • SHA512

    e2fa805e3f0ad81ac75e88a4feef7c59a643dcc8e56a7e4118cf0652822d05a4fe9fe6c766692085a50b0b8e0f3af478fc862c67694d40780afe63fd53399d34

  • SSDEEP

    24576:5FiJT6ICVhccPE3jqM90YMZCnR+cTRE2d1DHXg9bgYVj6wrF+bT4OJP:gTItM3V7MQnVTRFQhgYET4SP

Malware Config

Targets

    • Target

      JaffaCakes118_c7fcd71ef84db6d5f278a831c6f3ba64

    • Size

      1.1MB

    • MD5

      c7fcd71ef84db6d5f278a831c6f3ba64

    • SHA1

      2fa6abc368304a204f053f0bcd16eb60688c5b2b

    • SHA256

      19ac07de229d194035359bf19b60ffe406e48631899b54a91e4401e40148d258

    • SHA512

      e2fa805e3f0ad81ac75e88a4feef7c59a643dcc8e56a7e4118cf0652822d05a4fe9fe6c766692085a50b0b8e0f3af478fc862c67694d40780afe63fd53399d34

    • SSDEEP

      24576:5FiJT6ICVhccPE3jqM90YMZCnR+cTRE2d1DHXg9bgYVj6wrF+bT4OJP:gTItM3V7MQnVTRFQhgYET4SP

    Score
    7/10
    • Loads dropped DLL

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      325b008aec81e5aaa57096f05d4212b5

    • SHA1

      27a2d89747a20305b6518438eff5b9f57f7df5c3

    • SHA256

      c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

    • SHA512

      18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

    • SSDEEP

      192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo

    Score
    3/10
    • Target

      $PLUGINSDIR/MyBabylonTB.exe

    • Size

      898KB

    • MD5

      7c90f77d368cabea7b726a3758d6d761

    • SHA1

      dd569e70a6786216bfeb2e06442f644d3ced4929

    • SHA256

      960c95043c1ab3c4b4cd7b331cfe753ff1c5e641a3389161ffe7011d497b0c02

    • SHA512

      769f962c38e1964cf03e27ce977863be1bda7452cd2000c764387d70a7d43dd78d693dadf2fe5eebdb163069cc0781871907efd70a184b69f706c034a237bae6

    • SSDEEP

      24576:mntSf1MvRztcBax4ckpSy+k50pdEGlWU3W:mt81MpByaxTEf03h3W

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and other sensitive profile information.

    • Checks whether UAC is enabled

    • Target

      $PLUGINSDIR/NSISdl.dll

    • Size

      14KB

    • MD5

      a5f8399a743ab7f9c88c645c35b1ebb5

    • SHA1

      168f3c158913b0367bf79fa413357fbe97018191

    • SHA256

      dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

    • SHA512

      824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

    • SSDEEP

      192:tUZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRPgsfA:6Bo/680dCI5adOjFOg9//p27uNw2Go

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      c10e04dd4ad4277d5adc951bb331c777

    • SHA1

      b1e30808198a3ae6d6d1cca62df8893dc2a7ad43

    • SHA256

      e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a

    • SHA512

      853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e

    • SSDEEP

      96:hBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4VndY7ndS27gA:h6n+0SAfRE+/8ZYxMdqn420

    Score
    3/10
    • Target

      GotClip.exe

    • Size

      229KB

    • MD5

      4d8aea76be064cc4d7276599b339e00f

    • SHA1

      e5c9667f7a48df6af7aca76dedf9581ced975395

    • SHA256

      eed352ae07bc2c24a59168cad56ad7f47b4319748b0b9fbe2128e30791f9198a

    • SHA512

      0a7cad8c39f227aacfe683df5be4330d10ff7cef8712da142d78fc276f1c5d49c30f890ef7e474e18ee871b3bae53ca341382ec9c651c006da7f13678c0ed600

    • SSDEEP

      3072:D4sYuy84bRadbwfzHNqWpo26sXQxpcTiRv+pcTiR+eD+0y794m/pcTiR:D9nI+cIOd6xOTiRv+OTiR7a94QOTiR

    Score
    3/10
    • Target

      Uninstall.exe

    • Size

      81KB

    • MD5

      24bf03c516d9c81f30c9d4bad53296c6

    • SHA1

      f2c16cbbc994e91e8fdf355029250e0820f9278e

    • SHA256

      5b2df50e887a5b80d5d36f6d1ec31cda7c32540335768dce2bb409966947e74f

    • SHA512

      dd08b4b07ba48ebcb9e8141d1932373121d54725a74e59c013bfeaadc5ee0924a1eb0b318d6a308f8e0015b22d4154549b64fb05c2b25273fd228a1379f6f78b

    • SSDEEP

      1536:SQpQ5EP0ijnRTXJB6HncTDJXqC7x5WnMjVlo:SQIURTXJBIncTDBqCsMRlo

    Score
    7/10
    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      325b008aec81e5aaa57096f05d4212b5

    • SHA1

      27a2d89747a20305b6518438eff5b9f57f7df5c3

    • SHA256

      c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

    • SHA512

      18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

    • SSDEEP

      192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo

    Score
    3/10
    • Target

      $PLUGINSDIR/NSISdl.dll

    • Size

      14KB

    • MD5

      a5f8399a743ab7f9c88c645c35b1ebb5

    • SHA1

      168f3c158913b0367bf79fa413357fbe97018191

    • SHA256

      dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

    • SHA512

      824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

    • SSDEEP

      192:tUZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRPgsfA:6Bo/680dCI5adOjFOg9//p27uNw2Go

    Score
    3/10
    • Target

      launcher.exe

    • Size

      28KB

    • MD5

      57ee4bf53a3fc949e381b8a0f826f9c0

    • SHA1

      ebe9dea146ec22dc4f6e2bd19fe89762c976f129

    • SHA256

      9b42586c3f62d7a402ee834d9dd471a6a009dde9eaf7779aaacc73a29ba00a72

    • SHA512

      f1d884503dfbf288d6985f2bfb34002ec85f5ef90f0d23eed9e6e93f42f3f0bb7c7d4034d971f1c8470b7f6939a90e024a5e700d137aeebf5bc1a08244f3b652

    • SSDEEP

      384:V74kkwFjPPnnEK40S1KehwhDaDBWyhLH8G:1jkL1OqzGG

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

discovery
Score
7/10

behavioral2

discovery
Score
7/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery, evasion, spyware, stealer, trojan
Score
7/10

behavioral6

discovery, evasion, spyware, stealer, trojan
Score
7/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

discovery
Score
3/10

behavioral14

discovery
Score
3/10

behavioral15

discovery
Score
7/10

behavioral16

discovery
Score
7/10

behavioral17

discovery
Score
3/10

behavioral18

discovery
Score
3/10

behavioral19

discovery
Score
3/10

behavioral20

discovery
Score
3/10

behavioral21

discovery
Score
3/10

behavioral22

discovery
Score
3/10