95a8e22f4586b962c8bbe268f28b9561ecfafc06bee75f3571ced253d66d5531

Sharing

Copy URL

Twitter E-mail

General

Target

201b3ddbaeaa3cc5f7480d8fe72fc567_JaffaCakes118
Size

7.3MB
Sample

240702-vgz5hascrf
MD5

201b3ddbaeaa3cc5f7480d8fe72fc567
SHA1

18fb6b4aa14e9594a5722778fbd77fc8f7a929f9
SHA256

95a8e22f4586b962c8bbe268f28b9561ecfafc06bee75f3571ced253d66d5531
SHA512

17e4d6fff52a6bec3de4912a7fa616361ea7a758bf2a080505865fb1743c32c50bb69e3f6588b1f4dbaf4f32de855bbcd0766342b887d0acefc0b8f9980bd24b
SSDEEP

196608:McQNXCaslUWm2z+msNMl1ADcUjOIEs3jHvau5B38MVCcr9:VSslOJ3cgTjPau5/C+9

Score

8^/10

Malware Config

Targets

- Target
  
  201b3ddbaeaa3cc5f7480d8fe72fc567_JaffaCakes118
- Size
  
  7.3MB
- MD5
  
  201b3ddbaeaa3cc5f7480d8fe72fc567
- SHA1
  
  18fb6b4aa14e9594a5722778fbd77fc8f7a929f9
- SHA256
  
  95a8e22f4586b962c8bbe268f28b9561ecfafc06bee75f3571ced253d66d5531
- SHA512
  
  17e4d6fff52a6bec3de4912a7fa616361ea7a758bf2a080505865fb1743c32c50bb69e3f6588b1f4dbaf4f32de855bbcd0766342b887d0acefc0b8f9980bd24b
- SSDEEP
  
  196608:McQNXCaslUWm2z+msNMl1ADcUjOIEs3jHvau5B38MVCcr9:VSslOJ3cgTjPau5/C+9
Score

3^/10
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  0dc0cc7a6d9db685bf05a7e5f3ea4781
- SHA1
  
  5d8b6268eeec9d8d904bc9d988a4b588b392213f
- SHA256
  
  8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c
- SHA512
  
  814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0
- SSDEEP
  
  192:n6d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jPK72dwF7dBEnbok:n6UdHXcIiY535zBt2jP+BEnbo
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  a401e590877ef6c928d2a97c66157094
- SHA1
  
  75e24799cf67e789fadcc8b7fddefc72fdc4cd61
- SHA256
  
  2a7f33ef64d666a42827c4dc377806ad97bc233819197adf9696aed5be5efac0
- SHA512
  
  6093415cd090e69cdcb52b5d381d0a8b3e9e5479dac96be641e0071f1add26403b27a453febd8ccfd16393dc1caa03404a369c768a580781aba3068415ee993f
- SSDEEP
  
  48:iV6sAvmNC6iMPUptxEZK65x/AmvycNSmwVsOYJyvrpXptp/JvR0Joof5d2:2V11GED5ZTvycNSmwVsTJuftpZR0Ld2
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/NSISdl.dll
- Size
  
  14KB
- MD5
  
  254f13dfd61c5b7d2119eb2550491e1d
- SHA1
  
  5083f6804ee3475f3698ab9e68611b0128e22fd6
- SHA256
  
  fd0e8be2135f3d326b65520383a3468c3983fa32c9c93594d986b16709d80f28
- SHA512
  
  fcef8ac5bd0ee6e316dbbc128a223ba18c8bf85a8d253e0c0877af6a4f686a20b08d34e5a426e2be5045962b391b8073769253a4d9b18616febc8133ccf654f7
- SSDEEP
  
  192:t5ZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRYgsfA:fBo/680dCI5adOjFOg9//p27uNw2bo
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  00a0194c20ee912257df53bfe258ee4a
- SHA1
  
  d7b4e319bc5119024690dc8230b9cc919b1b86b2
- SHA256
  
  dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3
- SHA512
  
  3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10
behavioral10 behavioral9
- Target
  
  CCleaner.exe
- Size
  
  1.6MB
- MD5
  
  fdfb209c5a04b7784bb0bb4af7f0b31c
- SHA1
  
  fe5a7301bcf0593e59265a24e514b756577c30bd
- SHA256
  
  c565feb2847bf0d116135db188bafe728e889f8f7319f562d7331a2906fd49c7
- SHA512
  
  76253a95753039ac72bee37e09eba3617330f656b45bee97250de0f4c9b6ab8e3b2353b2256bb07b0c1636bf2f3069a1f99d33063057f3c8e43b13619efb831f
- SSDEEP
  
  24576:ojfUhykNTubUrgaJu5nuqrnMevWRIRJ1UuFh3zN815tjoiFW:ojfUhxrrJylndvWRIRsazN815tjBFW
Score

7^/10

spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks for any installed AV software in registry
behavioral11 behavioral12
- Target
  
  Microsoft.mshtml.dll
- Size
  
  7.6MB
- MD5
  
  3bf7213044dd0701e9e03cfed78bb088
- SHA1
  
  d3329c2d564a678f9425ce6be50b53fab3167359
- SHA256
  
  04bc62c7c47b6b3aa8ebbd5a776bc0a83c0e5c43ab1886b56560a404c0fcc74c
- SHA512
  
  faeb4093f430002a7a1eeaf3563e5406087f2becb01d43f36e61250209a6575eeba8fd56f5f5d56cd5da1cbcbbba0044271ed1db465ad6333ab2a958f53658f4
- SSDEEP
  
  98304:mpkg8hn86iyAB84gPjKVuH62NhND7BMe8Al:mpkg8hn8RStD7BMe8Al
Score

1^/10
behavioral13 behavioral14
- Target
  
  cafw.exe
- Size
  
  2.7MB
- MD5
  
  35c7b08f7f45d54e59496855e17e8a0f
- SHA1
  
  986209258bba1b838b562a464b597ec26046226f
- SHA256
  
  8c3111371c153c75f6406e802493120337ed64772e7b94ec87cf2d563c9aba25
- SHA512
  
  d758fc89be81d3c92b38151e9deda72de86393ddde2ce6cb8f96bd437644632d0a60c791964d9117f45ef343a8897b7073b06f8cecab3c639ac7e1404b660d40
- SSDEEP
  
  49152:tTn7ZlDGoO49xA+McUhLoNYSmgg0QCL75QNH+BvqLz33vZTi/fspHXXNnd0j7d+Z:9ZlDGH4jABcUhYgZCL75QNeBurvZWHYx
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral15 behavioral16
- Target
  
  cladgenius.chm
- Size
  
  29KB
- MD5
  
  dbaa4692ad7c6c55a1405fdde758381f
- SHA1
  
  8dc2a584d13730b49e84b8c411dffc6f949e04d0
- SHA256
  
  32821a96e104b7bc8280cfd4821503c396dba907cdd9d66fde9ef185cb32eebb
- SHA512
  
  a9b918ce2370cdfc3c84bd560462e8075948e13d4eb115b13b925dfb2e8edd1748b02362cf0c6ccee4723df3e104cd885d04c3c101a7dc317bd38ae8207185a1
- SSDEEP
  
  384:vyg2OYiy87TL43gJRtDUkv56t3U5bi8WMFS1D5XOYjtsTrcujbNJIo:vyyLNlDUc56WsMFSZ9pOcuj3Io
Score

1^/10
behavioral17 behavioral18
- Target
  
  decaptcher.dll
- Size
  
  72KB
- MD5
  
  05aa12c2665ebd53f9505d0cf9f37b83
- SHA1
  
  c0e6e0401fe2bcf40251c3d4514c6b3d58b7a4a3
- SHA256
  
  6903e1192b4a90bd78f4a0853d6d72bc0fa74ce8800946c698a4406a60c2f239
- SHA512
  
  586ec510204719da09f2d0761a2d8f9aee0dc15252f9340fcb09137650e21354d3d3c025b362c297d0b3439587d65a3c294cbe2359aa9d6ce224c34fa674bcab
- SSDEEP
  
  1536:6/3nHtECUPHH0sV2gIHFLJtKbHBlnDLL:g3HtECU/DVVUuzBlnDLL
Score

3^/10
behavioral19 behavioral20
- Target
  
  fbclient.dll
- Size
  
  3.6MB
- MD5
  
  b8e93b77d06fe8acc4438bb88f9ae231
- SHA1
  
  b7b9116db1aae43a58bb8c0f3a002977e10bf834
- SHA256
  
  688caa8cecbca2a07baded86c567ec844b39aa3dcd50c136ab8ac4bbee8e99f1
- SHA512
  
  8e3ccb43d67ec90165b44cf5c14db73394ff8d1ac19548a1bc3fe807d361f0a7b5a8c9bb8ca34545a770795fd5f0a07c373039dbc3c6e15fd385eca263e91d23
- SSDEEP
  
  24576:CmvmNB5rZMCemDjVHBsyEJAYr3RKFgNtXy26oPjdarC/168Cs6RX1HQ46sWJvaKp:CmgdnHTuj0+qHPv203ymNsqYv3jnB
Score

1^/10
behavioral21 behavioral22
- Target
  
  holfix.exe
- Size
  
  256KB
- MD5
  
  53f0c95938fdb4b3f0f4814bc8b1b9cc
- SHA1
  
  08c2a4a3df5381f8f49a5ee2372728400bd24671
- SHA256
  
  6b3ed396381a68ca58a1f4c73f00b40e2c2f555d031690865a64f26d2c5ed7fb
- SHA512
  
  2eac3782b5c1e1f45c9492b17910b60f28d2ab69aa7ec1b3e39e3ccf628fe30226c2824309a87d1b84c288b6028b903d3085d01df762ba421c7a5d5a7ddd6f9a
- SSDEEP
  
  6144:wMWnwQaTtvIa5rD1U8x7Am6OoyFoLp1kvWlp2FN6A5B5dn01:pJQatIerRUAA0o8CTlkFN6Az5dn0
Score

8^/10

upx defense_evasion discovery exploit
- Drops file in Drivers directory
- Possible privilege escalation attempt
  exploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Modifies file permissions
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- File and Directory Permissions Modification: Windows File and Directory Permissions Modification
  defense_evasion
- Drops file in System32 directory
behavioral23 behavioral24
- Target
  
  ibprovider.dll
- Size
  
  3.1MB
- MD5
  
  3bca69f43800aed83c069037b8efd9f7
- SHA1
  
  d6387c347b1614979578c3442ec948e3d69d73d3
- SHA256
  
  278d40f010c994a458b076d1aa4dec03f3891da394d707a254908a7afabd51b1
- SHA512
  
  83b81cfc1c2291c0a5478eb600eb3edb15cf2346a3293e9292584f981df11b5ef678962f2b73aa48ebf4a6f59021d5facde0b93565fba0a47c24c3919a7f67bb
- SSDEEP
  
  49152:TX9oxIdkM+x1VKRANMvTA1wAwspjG/HBFIt/M8xc878qLKXZYemFFU+tEyqhguij:ja1Q/g2MtEs
Score

1^/10
behavioral25 behavioral26
- Target
  
  icudt30.dll
- Size
  
  1.5MB
- MD5
  
  38bb7cee2aa52930485939771c44ab2a
- SHA1
  
  dd028b21c611873c28de3e80f04e787250f97219
- SHA256
  
  8c04f1ab3a07e21e88d678e6742efc69900bacf73b1e18f97b25115d3cb3e4d5
- SHA512
  
  b8169042f45b7fd08e7aab17a05fe48dca8ffd203d3b841a990d8836da33bcfaf39ee5953706281c4a47148736c5ed1d51956eca6e8efb67af9d137e1dfe7849
- SSDEEP
  
  24576:KqaX8Bv2axcToy/oH0C/iwESlzJ5uM8H2ZIuNjMSpnhmW8c238uoL/:88BvPy/i0CKwFEvnckB
Score

1^/10
behavioral27 behavioral28
- Target
  
  icuin30.dll
- Size
  
  408KB
- MD5
  
  68c9f7fee9aec9b9ced22d48e2b92857
- SHA1
  
  b16cb5ef5d8dff48186005e1d7a72eb0935e086f
- SHA256
  
  2b4e8d37415dde11775cabdfea78c92d724b0d031a722cfadc524b8245c63c93
- SHA512
  
  172940d17e8ef7ace4a92b8a44f269017f0b99b4b4953e851ee6396dbb76964dbdb1a2480c21b86b08900f6d2f685378b707eda28311bb988140927ebfe6d074
- SSDEEP
  
  12288:f8D9DwpzrEUkzU9nteJsbkrE9l0nDYcZ/N4:j2NKybE9l0nR/
Score

3^/10
behavioral29 behavioral30
- Target
  
  icuuc30.dll
- Size
  
  660KB
- MD5
  
  44f425267038283db1822910679aa32d
- SHA1
  
  5028fdd93a8e3ea761149ac0d766af207ebedc9d
- SHA256
  
  a128b8d73f4bc08f0b017789f57a0c20238ff0294361d5ce0233ca75f9eb691a
- SHA512
  
  918125b249945547d5c263876680867018b9442cd147670c144d6227fe01d1304d5a5305b9d57d24db1eaa4e19dae1a72b0f9f7e32a7bcd4c38b097143b2bd36
- SSDEEP
  
  12288:rGS0YPmKEK9uxS4TCNfbg4ibCcoInBliDxVPLkQGSWDhap:FmKEKEsnJbg4iFoIBliPLkvph
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Tasks

Sharing

General

Malware Config

Targets

Reads user/profile data of web browsers

Checks for any installed AV software in registry

Executes dropped EXE

Loads dropped DLL

Drops file in Drivers directory

Possible privilege escalation attempt

Checks computer location settings

Loads dropped DLL

Modifies file permissions

UPX packed file

File and Directory Permissions Modification: Windows File and Directory Permissions Modification

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32