d2623ed0469b4a7a8f9371cb91bad7bb803564bdda76fdcc5972905edb12f8b9

Sharing

Copy URL

Twitter E-mail

General

Target

25db368cc7c0308d014ce0397bd7adac_JaffaCakes118
Size

3.9MB
Sample

240704-xffqksvgrd
MD5

25db368cc7c0308d014ce0397bd7adac
SHA1

e7f05494b314747a5ddd0bb41c73289623235ba4
SHA256

d2623ed0469b4a7a8f9371cb91bad7bb803564bdda76fdcc5972905edb12f8b9
SHA512

92758b707791cf297cc0b311d38e503095e1b7769a385202c527c4242d2e2f7561d1af9d5d13f0fd6c9d739aae131d58f3eca3dd12c515d0e9a305ea6de4a8f7
SSDEEP

98304:qiO3DcIFRtNXWRaslUWKj1Bl20I+QRFKX9Mle:McQNXCaslUWm2z+msNMle

Score

8^/10

Malware Config

Targets

- Target
  
  25db368cc7c0308d014ce0397bd7adac_JaffaCakes118
- Size
  
  3.9MB
- MD5
  
  25db368cc7c0308d014ce0397bd7adac
- SHA1
  
  e7f05494b314747a5ddd0bb41c73289623235ba4
- SHA256
  
  d2623ed0469b4a7a8f9371cb91bad7bb803564bdda76fdcc5972905edb12f8b9
- SHA512
  
  92758b707791cf297cc0b311d38e503095e1b7769a385202c527c4242d2e2f7561d1af9d5d13f0fd6c9d739aae131d58f3eca3dd12c515d0e9a305ea6de4a8f7
- SSDEEP
  
  98304:qiO3DcIFRtNXWRaslUWKj1Bl20I+QRFKX9Mle:McQNXCaslUWm2z+msNMle
Score

3^/10
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  0dc0cc7a6d9db685bf05a7e5f3ea4781
- SHA1
  
  5d8b6268eeec9d8d904bc9d988a4b588b392213f
- SHA256
  
  8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c
- SHA512
  
  814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0
- SSDEEP
  
  192:n6d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jPK72dwF7dBEnbok:n6UdHXcIiY535zBt2jP+BEnbo
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  a401e590877ef6c928d2a97c66157094
- SHA1
  
  75e24799cf67e789fadcc8b7fddefc72fdc4cd61
- SHA256
  
  2a7f33ef64d666a42827c4dc377806ad97bc233819197adf9696aed5be5efac0
- SHA512
  
  6093415cd090e69cdcb52b5d381d0a8b3e9e5479dac96be641e0071f1add26403b27a453febd8ccfd16393dc1caa03404a369c768a580781aba3068415ee993f
- SSDEEP
  
  48:iV6sAvmNC6iMPUptxEZK65x/AmvycNSmwVsOYJyvrpXptp/JvR0Joof5d2:2V11GED5ZTvycNSmwVsTJuftpZR0Ld2
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/NSISdl.dll
- Size
  
  14KB
- MD5
  
  254f13dfd61c5b7d2119eb2550491e1d
- SHA1
  
  5083f6804ee3475f3698ab9e68611b0128e22fd6
- SHA256
  
  fd0e8be2135f3d326b65520383a3468c3983fa32c9c93594d986b16709d80f28
- SHA512
  
  fcef8ac5bd0ee6e316dbbc128a223ba18c8bf85a8d253e0c0877af6a4f686a20b08d34e5a426e2be5045962b391b8073769253a4d9b18616febc8133ccf654f7
- SSDEEP
  
  192:t5ZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRYgsfA:fBo/680dCI5adOjFOg9//p27uNw2bo
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  00a0194c20ee912257df53bfe258ee4a
- SHA1
  
  d7b4e319bc5119024690dc8230b9cc919b1b86b2
- SHA256
  
  dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3
- SHA512
  
  3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10
behavioral10 behavioral9
- Target
  
  CCleaner.exe
- Size
  
  1.6MB
- MD5
  
  fdfb209c5a04b7784bb0bb4af7f0b31c
- SHA1
  
  fe5a7301bcf0593e59265a24e514b756577c30bd
- SHA256
  
  c565feb2847bf0d116135db188bafe728e889f8f7319f562d7331a2906fd49c7
- SHA512
  
  76253a95753039ac72bee37e09eba3617330f656b45bee97250de0f4c9b6ab8e3b2353b2256bb07b0c1636bf2f3069a1f99d33063057f3c8e43b13619efb831f
- SSDEEP
  
  24576:ojfUhykNTubUrgaJu5nuqrnMevWRIRJ1UuFh3zN815tjoiFW:ojfUhxrrJylndvWRIRsazN815tjBFW
Score

7^/10

spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks for any installed AV software in registry
behavioral11 behavioral12
- Target
  
  Microsoft.mshtml.dll
- Size
  
  7.6MB
- MD5
  
  3bf7213044dd0701e9e03cfed78bb088
- SHA1
  
  d3329c2d564a678f9425ce6be50b53fab3167359
- SHA256
  
  04bc62c7c47b6b3aa8ebbd5a776bc0a83c0e5c43ab1886b56560a404c0fcc74c
- SHA512
  
  faeb4093f430002a7a1eeaf3563e5406087f2becb01d43f36e61250209a6575eeba8fd56f5f5d56cd5da1cbcbbba0044271ed1db465ad6333ab2a958f53658f4
- SSDEEP
  
  98304:mpkg8hn86iyAB84gPjKVuH62NhND7BMe8Al:mpkg8hn8RStD7BMe8Al
Score

1^/10
behavioral13 behavioral14
- Target
  
  decaptcher.dll
- Size
  
  72KB
- MD5
  
  05aa12c2665ebd53f9505d0cf9f37b83
- SHA1
  
  c0e6e0401fe2bcf40251c3d4514c6b3d58b7a4a3
- SHA256
  
  6903e1192b4a90bd78f4a0853d6d72bc0fa74ce8800946c698a4406a60c2f239
- SHA512
  
  586ec510204719da09f2d0761a2d8f9aee0dc15252f9340fcb09137650e21354d3d3c025b362c297d0b3439587d65a3c294cbe2359aa9d6ce224c34fa674bcab
- SSDEEP
  
  1536:6/3nHtECUPHH0sV2gIHFLJtKbHBlnDLL:g3HtECU/DVVUuzBlnDLL
Score

3^/10
behavioral15 behavioral16
- Target
  
  fbclient.dll
- Size
  
  3.6MB
- MD5
  
  b8e93b77d06fe8acc4438bb88f9ae231
- SHA1
  
  b7b9116db1aae43a58bb8c0f3a002977e10bf834
- SHA256
  
  688caa8cecbca2a07baded86c567ec844b39aa3dcd50c136ab8ac4bbee8e99f1
- SHA512
  
  8e3ccb43d67ec90165b44cf5c14db73394ff8d1ac19548a1bc3fe807d361f0a7b5a8c9bb8ca34545a770795fd5f0a07c373039dbc3c6e15fd385eca263e91d23
- SSDEEP
  
  24576:CmvmNB5rZMCemDjVHBsyEJAYr3RKFgNtXy26oPjdarC/168Cs6RX1HQ46sWJvaKp:CmgdnHTuj0+qHPv203ymNsqYv3jnB
Score

1^/10
behavioral17 behavioral18
- Target
  
  holfix.exe
- Size
  
  256KB
- MD5
  
  53f0c95938fdb4b3f0f4814bc8b1b9cc
- SHA1
  
  08c2a4a3df5381f8f49a5ee2372728400bd24671
- SHA256
  
  6b3ed396381a68ca58a1f4c73f00b40e2c2f555d031690865a64f26d2c5ed7fb
- SHA512
  
  2eac3782b5c1e1f45c9492b17910b60f28d2ab69aa7ec1b3e39e3ccf628fe30226c2824309a87d1b84c288b6028b903d3085d01df762ba421c7a5d5a7ddd6f9a
- SSDEEP
  
  6144:wMWnwQaTtvIa5rD1U8x7Am6OoyFoLp1kvWlp2FN6A5B5dn01:pJQatIerRUAA0o8CTlkFN6Az5dn0
Score

8^/10

upx defense_evasion discovery exploit
- Drops file in Drivers directory
- Possible privilege escalation attempt
  exploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Modifies file permissions
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- File and Directory Permissions Modification: Windows File and Directory Permissions Modification
  defense_evasion
- Drops file in System32 directory
behavioral19 behavioral20
- Target
  
  ibprovider.dll
- Size
  
  22KB
- MD5
  
  7c9ff12366ec3cd4228506865b239709
- SHA1
  
  97846f581197cc21fcce278a83676aaa0096742e
- SHA256
  
  81c948d694ccd20538284500ae0eb3c3d3c01234012e0df8afc93265048ed3fc
- SHA512
  
  ef5311c31a0268ab439bedfd8d7109ee4e31c323d683aab4df5b03d00ce5a347163daebdb088a0b627afb296787a510da5bf36c55b6be767f19482c89d7a3f75
- SSDEEP
  
  384:j83zxzEW+gOvVdBka+J7DRY3BZs7rgzV+5UDPqTT+qdutl/ctSNGx5XORAjHQPy7:Y6NoDWjs7CU+qYnkFORiwPyn7
Score

1^/10
behavioral21 behavioral22
- Target
  
  icudt30.dll
- Size
  
  1.5MB
- MD5
  
  38bb7cee2aa52930485939771c44ab2a
- SHA1
  
  dd028b21c611873c28de3e80f04e787250f97219
- SHA256
  
  8c04f1ab3a07e21e88d678e6742efc69900bacf73b1e18f97b25115d3cb3e4d5
- SHA512
  
  b8169042f45b7fd08e7aab17a05fe48dca8ffd203d3b841a990d8836da33bcfaf39ee5953706281c4a47148736c5ed1d51956eca6e8efb67af9d137e1dfe7849
- SSDEEP
  
  24576:KqaX8Bv2axcToy/oH0C/iwESlzJ5uM8H2ZIuNjMSpnhmW8c238uoL/:88BvPy/i0CKwFEvnckB
Score

1^/10
behavioral23 behavioral24
- Target
  
  icuin30.dll
- Size
  
  408KB
- MD5
  
  68c9f7fee9aec9b9ced22d48e2b92857
- SHA1
  
  b16cb5ef5d8dff48186005e1d7a72eb0935e086f
- SHA256
  
  2b4e8d37415dde11775cabdfea78c92d724b0d031a722cfadc524b8245c63c93
- SHA512
  
  172940d17e8ef7ace4a92b8a44f269017f0b99b4b4953e851ee6396dbb76964dbdb1a2480c21b86b08900f6d2f685378b707eda28311bb988140927ebfe6d074
- SSDEEP
  
  12288:f8D9DwpzrEUkzU9nteJsbkrE9l0nDYcZ/N4:j2NKybE9l0nR/
Score

3^/10
behavioral25 behavioral26
- Target
  
  icuuc30.dll
- Size
  
  660KB
- MD5
  
  44f425267038283db1822910679aa32d
- SHA1
  
  5028fdd93a8e3ea761149ac0d766af207ebedc9d
- SHA256
  
  a128b8d73f4bc08f0b017789f57a0c20238ff0294361d5ce0233ca75f9eb691a
- SHA512
  
  918125b249945547d5c263876680867018b9442cd147670c144d6227fe01d1304d5a5305b9d57d24db1eaa4e19dae1a72b0f9f7e32a7bcd4c38b097143b2bd36
- SSDEEP
  
  12288:rGS0YPmKEK9uxS4TCNfbg4ibCcoInBliDxVPLkQGSWDhap:FmKEKEsnJbg4iFoIBliPLkvph
Score

3^/10
behavioral27 behavioral28
- Target
  
  msvcp80.dll
- Size
  
  536KB
- MD5
  
  2bc650257fb0867abd54fd460ec2bafc
- SHA1
  
  ec063526aa14bcadeeffa6d859b39a80680015b7
- SHA256
  
  9fc2e85ba84cf0459aab0dc2efac734ad7b5b4c99ba19871fe8f6e35d0191838
- SHA512
  
  903966f1739727d166131b42df6a7cd77d4f734c01437f7d96f18e8cb2c60a8e49bd952452fde8f0d3a92a002d2404ee78b97472821c190b300c594a5525c0a2
- SSDEEP
  
  12288:BuYZhMltDoD+OSt+ujajk5RnchUgiW6QR7t553Ooc8NHkC2euB:oOhMltDoqvpjajk59g3Ooc8NHkC2eW
Score

1^/10
behavioral29 behavioral30
- Target
  
  msvcp90.dll
- Size
  
  556KB
- MD5
  
  b2eee3dee31f50e082e9c720a6d7757d
- SHA1
  
  3322840fef43c92fb55dc31e682d19970daf159d
- SHA256
  
  4608beedd8cf9c3fc5ab03716b4ab6f01c7b7d65a7c072af04f514ffb0e02d01
- SHA512
  
  8b1854e80045001e7ab3a978fb4aa1de19a3c9fc206013d7bc43aec919f45e46bb7555f667d9f7d7833ab8baa55c9098af8872006ff277fc364a5e6f99ee25d3
- SSDEEP
  
  12288:iZ/veMyZ137mSEWT0VkypLvgLehUgiW6QR7t5183Ooc8SHkC2eU8bw:iZSZ13iwJmgLq83Ooc8SHkC2efw
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Tasks

Sharing

General

Malware Config

Targets

Reads user/profile data of web browsers

Checks for any installed AV software in registry

Drops file in Drivers directory

Possible privilege escalation attempt

Checks computer location settings

Loads dropped DLL

Modifies file permissions

UPX packed file

File and Directory Permissions Modification: Windows File and Directory Permissions Modification

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32