General

  • Target

    f0394c619492f9ee8cc3ac34dc1454f9_JaffaCakes118

  • Size

    1.0MB

  • Sample

    240415-d8s2tsgc41

  • MD5

    f0394c619492f9ee8cc3ac34dc1454f9

  • SHA1

    f91de9b2b7733b2f03b48e29c0c97be8f40ca5c4

  • SHA256

    6a9fe92b79c4455d935dd6c226ffa173cbe852c461ae3f5d952a43f10cffa48d

  • SHA512

    47cbec1f0d1acb79122f3824bcf6773bec0ad8e27725a6bfd087440a1f1455e55e4a7c527c54ac1657ac3c5fc1541eefc2f0649d2fa875de2d655b8cfd917315

  • SSDEEP

    24576:avZJR4zjuGj6i7ztCAE0loe6XHe01ub43d:qZJR4rlBbQHe01ubed

Malware Config

Targets

    • Target

      f0394c619492f9ee8cc3ac34dc1454f9_JaffaCakes118

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser profile data, which can include saved credentials, cookies and session tokens, browsing history and autofill entries.

    • Adds Run key to start application

    • Checks installed software on the system

      Enumerates the subkeys of HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (and its WOW6432Node and HKCU equivalents) to list installed software, a common way for installers and adware to discover security products or competing bundles.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that Internet Explorer loads into every browser process as plugins. They are registered by CLSID under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects, which makes them both a persistence mechanism and a position from which to observe or alter web traffic.

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    • Target

      $PLUGINSDIR/UserInfo.dll

    • Size

      4KB

    • MD5

      7579ade7ae1747a31960a228ce02e666

    • SHA1

      8ec8571a296737e819dcf86353a43fcf8ec63351

    • SHA256

      564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5

    • SHA512

      a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b

    Score
    3/10
    • Target

      $_13_/extensions/[email protected]/components/FFHst.dll

    • Size

      332KB

    • MD5

      8e2011c48e80d56c2a1d08d28326a9e5

    • SHA1

      4a1c4e6014583494fc241df9016bc8b49af6a027

    • SHA256

      5baf6676dc85eb5b4061a07892d04405019af4722fe192bc14a5fde40064d82c

    • SHA512

      5ea7ea1197ac3b70c74ac54a4690c25959a9cd788d18f51adc66e9184b450401b50a4f4d6b6614e55f15fad47bc2f7c1c344d0fd3123faa8f906eee60295c4da

    • SSDEEP

      3072:A884+TyS0QkJOGj1WyeQdgtA9M3j6K0W0yaShWYJAieXbqcRV8UFNWd/gzR1Dde5:DLJnCjHGzShbJnc8UFreoKbiG0UfpPr

    Score
    1/10
    • Target

      $_13_/extensions/[email protected]/content/PPCB.js

    • Size

      1020B

    • MD5

      071b62b69ea367351ab08e3b9b2d4713

    • SHA1

      56740405bd308b0e8ee9824954e3c04a9eae8df6

    • SHA256

      ccf4018afaa89816df8ebeda5de35d942e4e2d1900cadb19dce1ec9ccc26b8bd

    • SHA512

      9cdb37e743e5628cc8192a555358b9186d83a9f09db295ec09f121f4937b10ecb2079ce871e163bc30d290d2f1824be1159f347b776277fc4f0669b85474a60d

    Score
    1/10
    • Target

      $_13_/extensions/[email protected]/content/bbylnDef.js

    • Size

      522B

    • MD5

      1e91944edf7493ea49e86ed9b56a14df

    • SHA1

      df8b2a5cd965b071e3fd8b2405a928c4ae7c854d

    • SHA256

      02aba832ee1a51d44c00d3b627c77d022186ffe48bf7cd5aeb3969527140cd0a

    • SHA512

      4b7564f05b2de5221a6a544fc80081166b02929dccbff4bf93cae31ac8ac7553c6a409b6ce230537b82380f4ed98cd43866ca2a6b614d38b21c513c4d3068534

    Score
    1/10
    • Target

      $_13_/extensions/[email protected]/content/btnInf.js

    • Size

      1KB

    • MD5

      e60d44c3ddf9982575aeef2649bde4f8

    • SHA1

      310cf40361431fcd257a6cd292cda46e100a532f

    • SHA256

      77b4d8bc57eb640815997250c64ee6d71a64c3584f46d94c1f9caa68c5fb7091

    • SHA512

      b83df30b77f658fa8ad200257ad546893587908bdefcb269611f15a864c250f7a2e78557db2ceb580f0fbcd5b6519f0505c5c14295b41388e195b219ab7792ab

    Score
    1/10
    • Target

      $_13_/extensions/[email protected]/content/mtrprt.js

    • Size

      4KB

    • MD5

      95ba7c16d98e446412e097c370a6f660

    • SHA1

      e61b808c3fe04a3f6f573510c5f94be0d3e6f251

    • SHA256

      3f3ecc6f36aed33447b45ca8b4d0a1784d6744c7a8c4f28042e4b1173bc25c2e

    • SHA512

      cb6d9516142599a7dd53ba722c7fdd72025332ea74d7e45600a6460f4415757d5632fad6a2b7288b6dcccd8a6e7960fd9b9560eb1501fcf86cccfd19c51ea51f

    • SSDEEP

      96:QzJdAUaJsuFETgbwWiueGdA70GNWbZ3w9V3Cq4Di:oyUaJYTgk1uea6N8Z3w9V3CdDi

    Score
    1/10
    • Target

      $_13_/extensions/[email protected]/content/tmplt.js

    • Size

      7KB

    • MD5

      ae6b7bb925f76c14e06cce500ebbc8ca

    • SHA1

      61630e438c7e659409b2629a78c25bd7d3295184

    • SHA256

      fe078bc40ffc977388a1f93d81858e901addbf2239bef51f5fe5f2a29fef5d64

    • SHA512

      95928919c84c65108f80c587218d568380071f099b93180d1883642cf51873deb740381afa58b1a38cb84641fad1e815b21b0a065f5bdc95e0f7d3c0edb9f62c

    • SSDEEP

      96:ZJpFZ7+xMkgTXM7qp3NDBPFrpR1pvAiz8v9JVXA96wDsdUslRydFkbsqBuu7hqTN:Z3F+MtXMep3xBPFrpbRzzNa5cybExaPC

    Score
    1/10
    • Target

      $_13_/extensions/[email protected]/defaults/preferences/instlPref.js

    • Size

      54B

    • MD5

      ad2bc56295f1909f75aaa5e010e2835d

    • SHA1

      466215893a8f9ee026a649dee0741cda79857f8a

    • SHA256

      89aeb2c79621dc3663b15c7267fc1ef4997e72f30f042d11404291d8463ab288

    • SHA512

      36d06498fcdfaff2c514ef0ee453e76ffe45aa3df17aca05fe7cb1d1f67c3f5b0f2f08c04eb036f84abf93dc3b4992ccb5e5b2d4bf5ef21b81463d0af5bef992

    Score
    1/10
    • Target

      BabylonToolbarApp.dll

    • Size

      316KB

    • MD5

      5f933c75510ce7064600770488159453

    • SHA1

      fd431f71a4a06601df970c160c6f027cdb487454

    • SHA256

      c3aa14523d496a8cb780e568e2dc8fbd52b18d252cdf9b5ec223b6d3788ce82a

    • SHA512

      68a2eb4f5785cb3355409e662513fd54ecf6afea6fc67b18f3bbc7f0fd3724c7ade9bb0cafb2afa89d98fc8e81ecf4864de627bee65e44d0a3f50150deb55c86

    • SSDEEP

      6144:jboP92HPoeRIsTErfUeLJ5XMvFc8VDgG:voPOPoVYErUe1eFc8V

    Score
    1/10
    • Target

      BabylonToolbarEng.dll

    • Size

      412KB

    • MD5

      ce5d74d6ac19e94164de0506d46b8ae8

    • SHA1

      460787519719512980c651e12faea1ea0f248ba1

    • SHA256

      b56d0b4d10fcf0d3a7b06880e8f0b25922f51b9fcf90aac5851e822a87ae44b1

    • SHA512

      79bfb453bb6a259b847a7577a5f5549b65c472c9aff775b2a48bcf8f8cfc7dd6660354445523264f604de53c95238be2f1399e768538959192217262c565c350

    • SSDEEP

      6144:tuabG7qeE0ZYckd8pFnracGJ+ZYCaIam4s2Q7pY6OxYYW:MabGqeE0ZYSFnO/GYJIam4s2uO2YW

    Score
    1/10
    • Target

      BabylonToolbarTlbr.dll

    • Size

      180KB

    • MD5

      cf158fac1864ee97bfe3221285fec23a

    • SHA1

      329020bc3cb47fab48a978df697aa1d1e919f117

    • SHA256

      8d22f5c4b285edd6237712941a51c14036861d44e68760eb64a4325a9c4f90b8

    • SHA512

      b412d067d5ed9b5b9d581220c71a307956d6a5427c37e0a033a145f42cc8845f1f6bfee71dfa577cb83a8d8b0408c8244994554be60881f0a85770d44675d072

    • SSDEEP

      3072:SN9By1nS1BFZKiaoNQadIlD8vX7N3DPa5jerH3D:C9B/rnuadIc4erHT

    Score
    1/10
    • Target

      BabylonToolbarsrv.exe

    • Size

      280KB

    • MD5

      000a83380536df86efe77d020d812f96

    • SHA1

      93ccca1325a0037ab108ea3417eeaf166d510b76

    • SHA256

      97e8af15a48dbd5c2a57ef6b8bdbd135a47fe9a86570253206477990ed7cc29c

    • SHA512

      7b96aeab7b725060094c841eb3208e9e17f1a3c41dd9dfefacb2f521794c10056ccc4191ee9390bced07c94474dcc36525e9057d1217ae574fe323cb48a62c28

    • SSDEEP

      3072:6ky8UtwkBCApNnbbnWJUSnFJhkRbHdr1fqpDUnnS7dbkd6Z/IKBlUqH6A/rT/aHv:6T8vqhfb9SFohdZUUnnS7jZdH6UyktO

    Score
    1/10
    • Target

      bh/BabylonToolbar.dll

    • Size

      220KB

    • MD5

      91bcffe9095dfe033125add31ee7ffc1

    • SHA1

      2e62ade3fd726db37e23a16e6961433035a50d44

    • SHA256

      5d2c82a9186fb144245456e12c55744c2ff2b38a50294bda6d881e66e18e9d46

    • SHA512

      e666822cdbd9d6fa88b0936c6403c24d109aecdc28f78ebc27a73a17ee989600932ccafd6362b6687d473bd0c49d98f058076d91d985683f4a73df9fb464a19a

    • SSDEEP

      3072:Gbz/nWHs6djQbOCfYV6ZeDBXD+VWqpbfv5iF8cdN:azh6ebVQKkqxgFlN

    Score
    6/10
    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that Internet Explorer loads into every browser process as plugins. They are registered by CLSID under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects, which makes them both a persistence mechanism and a position from which to observe or alter web traffic.

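The BHO registration and the Run key are the two persistence points a responder would check on a host suspected of carrying this installer. The following PowerShell script is an added example, not part of the sandbox report or of any tool the report describes: it enumerates registered BHOs (resolving each CLSID to its InprocServer32 DLL) and the HKLM/HKCU Run values, hashes the files they point at, and compares the result with the SHA256 values listed above for this sample's PE artifacts. The hash table is copied from the report; the registry key list, function names and output format are this example's own choices. Run it in an elevated PowerShell session so HKLM is readable.

```powershell
# Added example (not from the sandbox report): check a Windows host for the
# persistence mechanisms this report flags (BHO registration and Run keys) and
# compare any referenced binaries against the SHA256 values listed in the report.
# Key list, function names and output format are this example's own choices.

# SHA256 values copied from the report's dropped-file list.
$ReportSha256 = @{
    '6a9fe92b79c4455d935dd6c226ffa173cbe852c461ae3f5d952a43f10cffa48d' = 'f0394c619492f9ee8cc3ac34dc1454f9_JaffaCakes118 (installer)'
    '5d2c82a9186fb144245456e12c55744c2ff2b38a50294bda6d881e66e18e9d46' = 'bh/BabylonToolbar.dll (BHO)'
    '97e8af15a48dbd5c2a57ef6b8bdbd135a47fe9a86570253206477990ed7cc29c' = 'BabylonToolbarsrv.exe'
    'c3aa14523d496a8cb780e568e2dc8fbd52b18d252cdf9b5ec223b6d3788ce82a' = 'BabylonToolbarApp.dll'
    'b56d0b4d10fcf0d3a7b06880e8f0b25922f51b9fcf90aac5851e822a87ae44b1' = 'BabylonToolbarEng.dll'
    '8d22f5c4b285edd6237712941a51c14036861d44e68760eb64a4325a9c4f90b8' = 'BabylonToolbarTlbr.dll'
}

function Resolve-ClsidServer {
    # Map a CLSID to the DLL path stored in its InprocServer32 (default) value.
    param([string]$Clsid)
    $roots = @(
        'HKLM:\SOFTWARE\Classes\CLSID',
        'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID',
        'HKCU:\SOFTWARE\Classes\CLSID'
    )
    foreach ($root in $roots) {
        $key = Join-Path $root "$Clsid\InprocServer32"
        if (Test-Path $key) {
            $path = (Get-ItemProperty -Path $key).'(default)'
            if ($path) { return [Environment]::ExpandEnvironmentVariables($path.Trim('"')) }
        }
    }
    return $null
}

function Get-RegisteredBho {
    # Each subkey name under the BHO key is a CLSID; IE loads that CLSID's InprocServer32 DLL.
    $bhoKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    )
    foreach ($bhoKey in $bhoKeys) {
        if (-not (Test-Path $bhoKey)) { continue }
        foreach ($sub in Get-ChildItem -Path $bhoKey) {
            [pscustomobject]@{
                Source = 'BHO'
                Name   = $sub.PSChildName
                Path   = Resolve-ClsidServer -Clsid $sub.PSChildName
            }
        }
    }
}

function Get-RunKeyEntry {
    # Run values are command lines; take the executable path as the first token.
    # Caveat: an unquoted path containing spaces is truncated at the first space.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($runKey in $runKeys) {
        if (-not (Test-Path $runKey)) { continue }
        $props = Get-ItemProperty -Path $runKey
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, PSChildName, ...
            $cmd = [string]$p.Value
            $exe = if ($cmd.StartsWith('"')) { $cmd.Split('"')[1] } else { $cmd.Split(' ')[0] }
            [pscustomobject]@{
                Source = 'Run'
                Name   = $p.Name
                Path   = [Environment]::ExpandEnvironmentVariables($exe)
            }
        }
    }
}

# Hash every referenced file and report whether it matches a known artifact.
$findings = @(Get-RegisteredBho) + @(Get-RunKeyEntry)
foreach ($f in $findings) {
    $verdict = 'no file on disk'
    if ($f.Path -and (Test-Path -LiteralPath $f.Path)) {
        $hash = (Get-FileHash -LiteralPath $f.Path -Algorithm SHA256).Hash.ToLower()
        $verdict = if ($ReportSha256.ContainsKey($hash)) { "MATCH: $($ReportSha256[$hash])" } else { "unknown ($hash)" }
    }
    '{0,-4} {1,-40} {2} -> {3}' -f $f.Source, $f.Name, $f.Path, $verdict
}
```

A hit on the BHO hash alone confirms the toolbar is installed. An unknown hash for a BHO or Run entry pointing into the same directory tree still deserves a manual look, since the report's hashes cover one build of the dropped files only, and Run values whose unquoted path contains spaces should be reviewed by hand because the script truncates them at the first space.
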
MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

adware, discovery, persistence, spyware, stealer
Score
7/10

behavioral2

adware, discovery, persistence, spyware, stealer
Score
7/10

behavioral3

Score
3/10

behavioral4

Score
3/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

adware, stealer
Score
6/10

behavioral30

adware, stealer
Score
6/10