Overview

overview

7

Static

static

7

1a2bedd154...18.exe

windows7-x64

7

1a2bedd154...18.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ps.dll

windows7-x64

3

$PLUGINSDI...ps.dll

windows10-2004-x64

3

$PLUGINSDI...rl.dll

windows7-x64

3

$PLUGINSDI...rl.dll

windows10-2004-x64

3

Baidu-TB-ASBar.exe

windows7-x64

7

Baidu-TB-ASBar.exe

windows10-2004-x64

1

$PROGRAM_F...er.exe

windows7-x64

1

$PROGRAM_F...er.exe

windows10-2004-x64

1

$PROGRAM_F...ar.dll

windows7-x64

7

$PROGRAM_F...ar.dll

windows10-2004-x64

7

$PROGRAM_F...rX.dll

windows7-x64

7

$PROGRAM_F...rX.dll

windows10-2004-x64

7

$PROGRAM_F...er.exe

windows7-x64

1

$PROGRAM_F...er.exe

windows10-2004-x64

1

$PROGRAM_F...rc.dll

windows7-x64

1

$PROGRAM_F...rc.dll

windows10-2004-x64

1

Data/Games/GAME.htm

windows7-x64

1

Data/Games/GAME.htm

windows10-2004-x64

1

Data/Nav1/DH1.htm

windows7-x64

1

Data/Nav1/DH1.htm

windows10-2004-x64

1

Data/Nav1/DH2.htm

windows7-x64

1

Data/Nav1/DH2.htm

windows10-2004-x64

1

Data/Nav1/DH3.htm

windows7-x64

1

Data/Nav1/DH3.htm

windows10-2004-x64

1

Data/Nav1/DH4.htm

windows7-x64

1

Data/Nav1/DH4.htm

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1a2bedd15436c6bf168ca435bfc7e9fa_JaffaCakes118

  • Size

    3.2MB

  • Sample

    240628-pzlryashnj

  • MD5

    1a2bedd15436c6bf168ca435bfc7e9fa

  • SHA1

    10b20ee762c52bc68f010d57ea14262430a6313e

  • SHA256

    996e6000cebbcd231bb0ffb7c9dbe528c556d9e0081d38ecae0a6a10d432ce7d

  • SHA512

    fab563f86a9151550d7d0344e7f98e23713c530f76f8f3cf769d1a2727f1de6727449e83533271645eb8a2b6152abc9fd82400bfa9211a0de98ab75e7ccfe669

  • SSDEEP

    98304:KAXTR4Iqr84H0piOVlOkEECzZWygXjuVQm5c2kTekBez:tOxVH1OHOkEvXMSVd5cV6Oez

Score
7/10
adwarediscoverystealerupx

Malware Config

Targets

    • Target

      1a2bedd15436c6bf168ca435bfc7e9fa_JaffaCakes118

    • Size

      3.2MB

    • MD5

      1a2bedd15436c6bf168ca435bfc7e9fa

    • SHA1

      10b20ee762c52bc68f010d57ea14262430a6313e

    • SHA256

      996e6000cebbcd231bb0ffb7c9dbe528c556d9e0081d38ecae0a6a10d432ce7d

    • SHA512

      fab563f86a9151550d7d0344e7f98e23713c530f76f8f3cf769d1a2727f1de6727449e83533271645eb8a2b6152abc9fd82400bfa9211a0de98ab75e7ccfe669

    • SSDEEP

      98304:KAXTR4Iqr84H0piOVlOkEECzZWygXjuVQm5c2kTekBez:tOxVH1OHOkEvXMSVd5cV6Oez

    Score
    7/10

    • Loads dropped DLL

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      0dc0cc7a6d9db685bf05a7e5f3ea4781

    • SHA1

      5d8b6268eeec9d8d904bc9d988a4b588b392213f

    • SHA256

      8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c

    • SHA512

      814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0

    • SSDEEP

      192:n6d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jPK72dwF7dBEnbok:n6UdHXcIiY535zBt2jP+BEnbo

    Score
    3/10
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      00a0194c20ee912257df53bfe258ee4a

    • SHA1

      d7b4e319bc5119024690dc8230b9cc919b1b86b2

    • SHA256

      dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3

    • SHA512

      3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    behavioral5behavioral6

    • Target

      $PLUGINSDIR/ToolTips.dll

    • Size

      4KB

    • MD5

      9a0da2692764bb842411a8b9687ebbb7

    • SHA1

      5c3a459faa08a704bdf162476897ad4580ae39bd

    • SHA256

      28aeaa48c929188a0d169887cc3f16370741467ae49e1db59763f030710a6bbb

    • SHA512

      814d686617df4fe9f50a93dac9428babff3a14836aa27b4666976379ec3fafcab65fd82d8886998fa65e7b59dc192ca067cf8b4cdeb8ef551812912d80dab8ed

    • SSDEEP

      48:apm2+v7BWCLWQqLa7JZ0ZK59HXesxdrqZZSakw6/K:Ymjv7BWoTicJZ0ZKPHXVx1MOw6

    Score
    3/10
    behavioral7behavioral8

    • Target

      $PLUGINSDIR/WebCtrl.dll

    • Size

      5KB

    • MD5

      418a34a689d5f9bb85fc951168749edb

    • SHA1

      0b75ce26883e12944abdbb67c143000fd0905d6b

    • SHA256

      915322078d1f8eb278250f446c1960e1555ffa0f8dcd048a48ed32fe7f5a5b3f

    • SHA512

      9aabb74cfd37cbda4718077ba76c7906e0f3ab5949e99f9d800fb1952757a60cabe29413f054f62e2887ff57aeb9d355532fd1662ebf3a523a500b20fe702b90

    • SSDEEP

      96:LyoDfEPD4Z0H3G7bLTb3LOg0AwBeRzrJ:LuP0aH3G/LX6g0x4Rz

    Score
    3/10
    behavioral10behavioral9

    • Target

      Baidu-TB-ASBar.exe

    • Size

      1.2MB

    • MD5

      a2803b8224d340563a6aa0e6b5426b8e

    • SHA1

      fee0ea7ab1c463fda251393f61b94d36f1634fce

    • SHA256

      327ec4da74e76b4ff4d89113dfe6c8bad332e2274a70037715991f2b7d7b9570

    • SHA512

      1edfa9e72e5d9a6a26b7f54fe2686bbec20483daccc20e7dcc8a7a867cc6874b0fb85ad90f029e41a9bcc811f9441f9ade94bf204164a87dd07c6d7d476aee0e

    • SSDEEP

      24576:S2O6gdXL5IGV8zzRHzsBlm6uWf/N8qkX9Fu5CwGxVWBHDxfdzuaPk83yFIhDv:S2OpGvRHzemXYN8qsI0MBjxEapDv

    Score
    7/10
    adwarediscoverystealer

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware
    behavioral11behavioral12

    • Target

      $PROGRAM_FILES/Baidu/ASBarBroker.exe

    • Size

      129KB

    • MD5

      0ebf8f583abb1ffb40c07b87eae4edb3

    • SHA1

      ef91b3245f426b86c2b69fd9678176d3be05c009

    • SHA256

      00a481ef9985281177c1f6cc6d055c2bdb719db224637e7eb474a3eaab6305cf

    • SHA512

      0bca7bc46019628149afb00cd69d26fd59195c4cbecbb472f9afabf73e8b3eb1da20fdaa4ef03c0776d11b5c8532d16b40a927e4b8b68640067c145cb7e463b4

    • SSDEEP

      1536:K+4yiwujgLVFsP+TCwXCqm5vb+cNCZkBfT3ol9t7tG2Tn+8Z7nzrNPTJdSnaxCi7:AdwusDXUfvbhNCool9t7tG2TXJz9maD

    Score
    1/10
    behavioral13behavioral14

    • Target

      $PROGRAM_FILES/Baidu/AddressBar.dll

    • Size

      1.1MB

    • MD5

      57d9f8b6e595ef4a02d8630c53fddcc3

    • SHA1

      523dedd35613dc3221657876a3f5248e38e2a842

    • SHA256

      c9a2b8ff0be921e2ac2ff6993f7fecc486b02969254884f89af3a19babfcf7e6

    • SHA512

      e95f144caa3bb636fd4a085a24a41d95ac6dae1c47d729400bb65a37527863b02b15e98cb62121f2155956f8a2b177f3b1a11d9ba08881858924d9bd75be985e

    • SSDEEP

      24576:ToJx/zjXPRxxgihJfn9svZw/UDkK4ac3tHtTKJZTXjSH/:ToH//nxzhlXtNTKJdXjSH/

    Score
    7/10
    adwarestealer

    • Executes dropped EXE

    • Loads dropped DLL

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware
    behavioral15behavioral16

    • Target

      $PROGRAM_FILES/Baidu/Toolbar/BaiduBarX_Tmp/BaiduBarX.dll

    • Size

      2.6MB

    • MD5

      ba75680a2b710f7d2c575e816000f041

    • SHA1

      a36e8bf8635473494cf58953227b21facdfd2682

    • SHA256

      4c4c9cf71e8eb6f83fe875ad657512f1405648b30472df6597d92a679ee51801

    • SHA512

      4408149541ab4b6eda6c9d6b95995be64773559701a18096c283e503fa3b5b22b624db5956c7916f4cecd80c47036e13b100dd51069ef23292749ef4a89bfbb3

    • SSDEEP

      49152:FzO0nB7oATGdgMlFp6VnvxkSJGsar6KX6n1OGyWdSmuzBG4fi8p4VdsvhwRhXI8u:FzOCdooGdgMlFcVnvxkSJGsar6a61OG8

    Score
    7/10
    adwarestealer

    • Executes dropped EXE

    • Loads dropped DLL

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware
    behavioral17behavioral18

    • Target

      $PROGRAM_FILES/Baidu/Toolbar/BaiduBarX_Tmp/BarBroker.exe

    • Size

      228KB

    • MD5

      adafb685914e48bcb2cc47d02de967d4

    • SHA1

      241e39b0b51028ab451f0abb2e39492ce18e2701

    • SHA256

      2a5e0c7f3698b8192df5ca2548944632e656eb27f4b3b3bd252b370b7348ad70

    • SHA512

      8f01feebc063c0b611c7503f1bbcbd5479fb65f0acc8c66eae91965228c5c8037bafc3393b251d77f2f62d457d2e661b99d703bebac7df269792f030258388ed

    • SSDEEP

      3072:/WiVUJzWJEZgM28o5pluXZ1DbePAqtS3ryTBflB//x7tJqUqJz9LMD:DWJzWtpJpSPDbeXtS3ryTBNNxPqUD

    Score
    1/10
    behavioral19behavioral20

    • Target

      $PROGRAM_FILES/Baidu/Toolbar/BaiduBarX_Tmp/rc.dll

    • Size

      468KB

    • MD5

      fd00f62dcb903fbbbe40aeb48a482708

    • SHA1

      1333d5ef06dfd707e40a1322cb40c08487b3f50d

    • SHA256

      3efdb3bf488038cf8c08b690f4bfa469fb49b9d2ed585ba3c88feb0770f37350

    • SHA512

      c83ac2be93e05527e09de4ea0b3617bbcbb5747890c7a0b861ad3b55aaaec3d148783a7fcbbacb66b92ede37440d82d41fbfe8a871273f1c6796fdcbe63131a2

    • SSDEEP

      3072:pekGhjtF5Zh0czWOWHxtXbDuFgHfrbVpFRcjuJIpJ4n26LTTaIxt0He7dcliVs1X:I+NfuFgHfrbVpFXJ8Ne7dVGbdonW6+

    Score
    1/10
    behavioral21behavioral22

    • Target

      Data/Games/GAME.htm

    • Size

      3KB

    • MD5

      e3d70f2bb998119f8c545b2104bd1847

    • SHA1

      fe1f40369cd977c475075acd332aab4d91dd06a4

    • SHA256

      1b08201844c61963dedf6753da0dcee16012af6a2d01c1b883f922b93552fc5c

    • SHA512

      6bcbfabc8b9dc5fc625ea9fd79a3287c95ad33e2c48e2a289381a3f70020a744c1d4a0fbf265a4aabdffcdeb348645a7c2aa2040fce47939ddf2fea46e451644

    Score
    1/10
    behavioral23behavioral24

    • Target

      Data/Nav1/DH1.htm

    • Size

      5KB

    • MD5

      3e9756a6b25dc62fde3b0d75a406e958

    • SHA1

      992a6a34e84a08434cb06c77a26bce478d3bab84

    • SHA256

      0327b1f790dd0b5469e186bb679e3228a9489509e5780fae49f07a8cc9622505

    • SHA512

      326743f04e3b63391c0cc14d75ee292c3d28406d7577f319f0d2dff6ec554b7e76a8d4c0b9b69a115d619290adc3c7917be1d5fa1cab832796ad151040bbf281

    • SSDEEP

      96:ucQgITXjytvQaxxRAfmWz/PZ3w+FQVZAiMhqABwLmFFgH2a:ucJkutpIz/PZ/P2Oa

    Score
    1/10
    behavioral25behavioral26

    • Target

      Data/Nav1/DH2.htm

    • Size

      5KB

    • MD5

      ed75912cd0cdb539aabbb95ddfe4ffa4

    • SHA1

      14e1c96a44b7a91a569c35718f9768e83af8833a

    • SHA256

      35037ebbb732cf045d23cd0efcd714c6b79c6a94de595d1fcb3d37e65605d138

    • SHA512

      e3ca9fb24ec89843085a33615a1d972031fac800014f84cdd2baa08688b88de7af53422168fd2a0f2ec3fef25fc2dbe6fbb0b0a57bc0bd72e64f8f3b624bc20f

    • SSDEEP

      96:ucQgITXjytvQax+wBRAfmcZ3w6FiVV9dmdWdjHdlVVbdvdndZdJGLVfI1lcq1tYQ:ucJkut92Z3ADZ1EzYsrsKa

    Score
    1/10
    behavioral27behavioral28

    • Target

      Data/Nav1/DH3.htm

    • Size

      5KB

    • MD5

      8f9f1a2f5830dd04a778d3181cf9fb0d

    • SHA1

      18d6bf0a28676e9a5e0ebf2ab0ce0d4633faa608

    • SHA256

      cc019247e66ee3e632e9f7696f82887ab953999380d4bcfafb36d3a3d9a26574

    • SHA512

      820e02dfd5330b05f89fa396d40c86f2cadf3b838817e392cec07957ad7a0d59c5ab5be9f15060372c2cadd5d4c1e2f3b89ba40ee62013c9c66cd27d61c4db9f

    • SSDEEP

      96:ucQgITXjytvQax+wBRAfmcZ3w6F8VVq+TKmkVCMAmZGEVT6jxX/MdvdPadUHdMJ9:ucJkut92Z3N28Pa

    Score
    1/10
    behavioral29behavioral30

    • Target

      Data/Nav1/DH4.htm

    • Size

      5KB

    • MD5

      6568627f505634ebdcb49a54b1ba23bd

    • SHA1

      5676b62bf71b1ab33c981a1bf17e36c31f7b68ce

    • SHA256

      1196b4ce334ad94b2fb2f3fd5e4505e60d35efa8ce0ecd31147230a333a9a0a3

    • SHA512

      6807966879cf9193f627404fa8b8fa5381ee7890c862b4bacbb15d8eb1e0e1f01af913203b61d41f221097dd6530e7b8191e7d71a8a9bec236716e9496739ee1

    • SSDEEP

      96:ucQgITXjytvQax+wBRAfmcZ3w6FWVVdWlJ1VZ86JrlGcVXSjGPod9dWd24d5WAdd:ucJkut92Z3Kvxa

    Score
    1/10
    behavioral31behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Browser Extensions

3
T1176

Privilege Escalation

Defense Evasion

Modify Registry

12
T1112

Credential Access

Discovery

System Information Discovery

5
T1082

Query Registry

4
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

upx
Score
7/10

behavioral1

Score
7/10

behavioral2

Score
7/10

behavioral3

Score
3/10

behavioral4

Score
3/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

Score
3/10

behavioral10

Score
3/10

behavioral11

adwarediscoverystealer
Score
7/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

adwarestealer
Score
7/10

behavioral16

adwarestealer
Score
7/10

behavioral17

adwarestealer
Score
7/10

behavioral18

adwarestealer
Score
7/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10