97a9006b85e59128c17b85a2e53395b125d4394ed325da83c990189bf8b7004c

Sharing

Copy URL

Twitter E-mail

General

Target

1aaef4e0e3f20a822942c519c7625e83_JaffaCakes118
Size

1.3MB
Sample

240701-kwzgeaseke
MD5

1aaef4e0e3f20a822942c519c7625e83
SHA1

aacae6f9a7d99dea349bcf06b7c5f0e4505084f8
SHA256

97a9006b85e59128c17b85a2e53395b125d4394ed325da83c990189bf8b7004c
SHA512

0e9eb73d8b98e356547a4061e2ff645f73a2ffabcb42c035baeea81c1a915bb6b6ec055507f392c10c43830ea1d2611682e4ca17c0e55f682b152133144c01d3
SSDEEP

24576:gXnDzCDE44x9zPLFCULo4pDyLqjkF6ukCCOkyXk9fF9aTjmm2jwsOyetr8lzXjb:4CnGlLFDOpX0F9aPm6sOyQr8lzXjb

Score

7^/10

Malware Config

Targets

- Target
  
  1aaef4e0e3f20a822942c519c7625e83_JaffaCakes118
- Size
  
  1.3MB
- MD5
  
  1aaef4e0e3f20a822942c519c7625e83
- SHA1
  
  aacae6f9a7d99dea349bcf06b7c5f0e4505084f8
- SHA256
  
  97a9006b85e59128c17b85a2e53395b125d4394ed325da83c990189bf8b7004c
- SHA512
  
  0e9eb73d8b98e356547a4061e2ff645f73a2ffabcb42c035baeea81c1a915bb6b6ec055507f392c10c43830ea1d2611682e4ca17c0e55f682b152133144c01d3
- SSDEEP
  
  24576:gXnDzCDE44x9zPLFCULo4pDyLqjkF6ukCCOkyXk9fF9aTjmm2jwsOyetr8lzXjb:4CnGlLFDOpX0F9aPm6sOyQr8lzXjb
Score

7^/10

upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  $LOCALAPPDATA/facemoods.exe
- Size
  
  1.2MB
- MD5
  
  5f856a489cc99dff30713f9fdab715df
- SHA1
  
  7037878b2db6d2a611613c21c693458d3cfc4fc9
- SHA256
  
  065812a7db221fdbda974d2c9e9d3a26507d17fcb433cae77d78a21c843a8bf8
- SHA512
  
  6e01128d4ff6a0aab186ddd6beaefc6756ec8b4c84ef13a0acb786166b9de6711cc7e622135dcb1fb62b2bd8cbd56a2e0bd31e14c5a94b9805908cd3a13d8226
- SSDEEP
  
  24576:R30p4dk4yO1bzppgJLo01dvXjyoLTkyXN3VOBj7mEsLS:up4tNCLbdzLTpXDOR7ELS
Score

7^/10
- Loads dropped DLL
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/ExtractDLLEx.dll
- Size
  
  7KB
- MD5
  
  ba4063f437abb349aa9120e9c320c467
- SHA1
  
  b045d785f6041e25d6be031ae2af4d4504e87b12
- SHA256
  
  73acba7dd477dfd6cf4249911f4e3c781196c7cf6b28425761dcb2d4f90c36c5
- SHA512
  
  48a813f55834069f8c6b90740de3df01564a136b0fe637f9f85cc1a19d7f32b1f70205ff2462526508fe3c1962d7c1e8e384c40463e328538aeba28e8d0fb92a
- SSDEEP
  
  96:lyEPmi/06iLbX8SIP59L1MmqPbgkk/eWKCHGojGYYIF/ggiomsTeZUzI:lyEPmymbMbPZOz+/eWJmoUItiopTeZ
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/InetLoad.dll
- Size
  
  18KB
- MD5
  
  994669c5737b25c26642c94180e92fa2
- SHA1
  
  d8a1836914a446b0e06881ce1be8631554adafde
- SHA256
  
  bf01a1f272e0daf82df3407690b646e0ff6b2c562e36e47cf177eda71ccb6f6c
- SHA512
  
  d0ab7ca7f890ef9e59015c33e6b400a0a4d1ce0d24599537e09e845f4b953e3ecd44bf3e3cbe584f57c2948743e689ed67d2d40e6caf923bd630886e89c38563
- SSDEEP
  
  384:nUOPTbiJmdztwwKq8W1cyMjPzV0Ac9k+LMkIX1+Gn+XHdjf:nTikliwKq8W1rMjPzz+f
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/NSISdl.dll
- Size
  
  14KB
- MD5
  
  a5f8399a743ab7f9c88c645c35b1ebb5
- SHA1
  
  168f3c158913b0367bf79fa413357fbe97018191
- SHA256
  
  dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9
- SHA512
  
  824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977
- SSDEEP
  
  192:tUZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRPgsfA:6Bo/680dCI5adOjFOg9//p27uNw2Go
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/Processes.dll
- Size
  
  56KB
- MD5
  
  cc0bd4f5a79107633084471dbd4af796
- SHA1
  
  09dfcf182b1493161dec8044a5234c35ee24c43a
- SHA256
  
  3b5388e13dab53d53e08791f492ed7d3094a0cee51e9841af83ce02534e0621c
- SHA512
  
  67ba90ec04366e07d0922ffb4dbbb4f12f90b6785b87700adaae29327db9ec2a03d750b229f858db0594f439499d6346fbf1ebc17c77162bf8da027515219ee3
- SSDEEP
  
  768:WmswCIbuzwEmd7Fp4KpDAKngV9tV3rJy63JgaVwoz7si4uYqUYWu1gYwmj552RFB:WmswCIbuzwEy7n3YD3Jgw7shKrp55io
Score

3^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/UserInfo.dll
- Size
  
  4KB
- MD5
  
  7579ade7ae1747a31960a228ce02e666
- SHA1
  
  8ec8571a296737e819dcf86353a43fcf8ec63351
- SHA256
  
  564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5
- SHA512
  
  a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b
Score

3^/10
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/chrmPref.dll
- Size
  
  160KB
- MD5
  
  e02590b95a6be07cea5c5f3daf66e775
- SHA1
  
  28b6350c43d3804f69faa5f48cab70e229dd182a
- SHA256
  
  a87ec5894c667c5eb22201172792027a525a375a9e6468aa4612ccf6875b1112
- SHA512
  
  30e3abdeb2fa3c2e1bdc94e1e2b9f7fa9c85ff3d10198166e99e66a92a0ae4d62871a621eab069b1dfe2a99a7a4d457a494d91c811f1bd93c51f120f5ff692b5
- SSDEEP
  
  3072:0DNlF2bX2rBTxNwIjCRMOwt+kG2Dkq150yurKNN535xzFHcu:0DNlF24BmXH2f50L4ji
Score

3^/10
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  c10e04dd4ad4277d5adc951bb331c777
- SHA1
  
  b1e30808198a3ae6d6d1cca62df8893dc2a7ad43
- SHA256
  
  e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a
- SHA512
  
  853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e
- SSDEEP
  
  96:hBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4VndY7ndS27gA:h6n+0SAfRE+/8ZYxMdqn420
Score

3^/10
behavioral19 behavioral20
- Target
  
  $_34_/extensions/[email protected]/components/FFHst.dll
- Size
  
  363KB
- MD5
  
  4d858f32da07588f97a992cd083334ca
- SHA1
  
  75572a0793acb41e977c8ae0adc290f5b23da946
- SHA256
  
  73f1c3bed7c14088ad837cf6468aecbdf37f8e9ca86faeb4fc7e5d79af071e09
- SHA512
  
  37bb7b0ce98c2e345ce5508af2d7dbb30a85a2ce90d55887318105d71a88965445c2d1e7d7c129c400fd38435ea01bc72fac93e75770f01a8a114ad35e279fb4
- SSDEEP
  
  6144:XyWoZ5OaHK/HHWAV4/yZj8sNkWS4P7voGfk:if5zHK/NVpwsNkWSAoGs
Score

1^/10
behavioral21 behavioral22
- Target
  
  content/facemoods.xul
- Size
  
  3KB
- MD5
  
  5f6549a7206671e4b1ec31b7d19f1c73
- SHA1
  
  9d5583ded41b79ba4b42f9c1d84aa23136de9e2f
- SHA256
  
  87308004d025e2a5c31a8b88c2430dcfb846b4ab08a71eaec98b97170ea41d1c
- SHA512
  
  a53b2ec39ff6487786b7995b2ce494d775ce8f47f56ab2800caf8537eafa63c1d6fb3c7407a7a1662889ce85c11b9ce8473354f063e39b093c4e761c799728e8
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  content/mtstart.js
- Size
  
  10KB
- MD5
  
  9978cfa2a984e8c46eb7701ef27735ce
- SHA1
  
  ac622df5ba595f6d1ae7e88541c62462b5176fb0
- SHA256
  
  9ce029c379fa6709794e48fed80a981fbaf5baf69ca842fca1bf9e796f40cd5b
- SHA512
  
  8d18218313b7bc21517556049452da3e887e531b357804a26d6ab31d6ea2467ae858889ecec7ba42607e197c0c54b4d13143c0fa42264299e050fd8f394d524a
- SSDEEP
  
  192:YoBWK2dgQbyHafCl3HdHmJTC6axF8CPyjdSgpVbJzTgSCevXmIXHdbKi7p:YoHQGaKl3HcJTbR5RgS9mIXHtF
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  content/prefLoader.js
- Size
  
  2KB
- MD5
  
  bf06e3e9873338fafb57fca1d1f2c92b
- SHA1
  
  7fa1107fb960809be8f38a6aacb0031a47cd7a09
- SHA256
  
  542b9822100d6d18f43312dc798b0dccc1a5326750c5687de2c775c2d3129213
- SHA512
  
  f50d1b8b22dcb102d5ca318b791c2f29cf4d4b24716f84cb4efe1688ae214d65ade2dc32567fc68fd3f8de2e3abb61ebcda703e615f2be3efbc53d305809b003
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  content/tmplt.js
- Size
  
  7KB
- MD5
  
  63e3e1967199054335ed1a8ecdd24901
- SHA1
  
  386daff20cab67c044d2e5b9f63c97be05d2d98f
- SHA256
  
  cca94fab70df6e53ac189d41e112425482712e87b67e09abffcc7494caa0bbd5
- SHA512
  
  029a8d6f231f3d082ade80aa85de9d57aaa1e4f1a812bc0b541dd03667bf2a8325251b8c34b8580cbcb571ec2cf7884d47e667b27bfc52d4448ea3b8653077b0
- SSDEEP
  
  192:dxT17sFA/oRQwGPV4UlbLQzJSc7LK8Jt8ZaG5:vpUAgG59xlbQccv8
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  bh/facemoods.dll
- Size
  
  259KB
- MD5
  
  d0813204b590d8e8b98627fd75610e9d
- SHA1
  
  8d465e41bd3a156d6c3b12a562473193b9878a7d
- SHA256
  
  b52d250a3cc40ffd3da353fc02a2b8f5c93ce7341b071228c8401a780c56313b
- SHA512
  
  698698aacdf240812c5ab76cff7d5b4313c552b7df276cb3a63f56e13ac8400477bb01c6b93bfd7ef191bdf834db62afc34d42db239c4108b2eb9f36a18297a6
- SSDEEP
  
  3072:XPDSnuDyl0Gk5SMir25KeUpSDeVWwUz+JS4v5r95paU5paJu8cr2:fDzg0GRkKkwE4Vw7JuD2
Score

6^/10

adware stealer
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

ACProtect 1.3x - 1.4x DLL software

Loads dropped DLL

UPX packed file

Loads dropped DLL

Installs/modifies Browser Helper Object

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32