General

  • Target

    f0afec022f8492766bfefd0d07ef8abf_JaffaCakes118

  • Size

    331KB

  • Sample

    240415-kp2cesda2v

  • MD5

    f0afec022f8492766bfefd0d07ef8abf

  • SHA1

    45d06e99fa1f60b461a4f7bf80f1c96bc3d010eb

  • SHA256

    f02074eeb1cba11ac24a507940543b0ffb18121b7a23a556bfb53e0c74a8fc84

  • SHA512

    c7bd8afaf24a0717c99a05b5fc3b6c4069902a9e70c68ac9cd5c2cf8328aeed8cfffe8f456acd1fbf5a6c117bc8473f38e3ebd12df88ac6b05727cab60903dcd

  • SSDEEP

    6144:WXTN626ii5qvbmh/Jv9khqOHl/DaNq8dMdfwMhUDL3dRjCANctUcmRYXul9hgDh:6qUcMqwl/DaNqfwMECAKytll9hgDh

Malware Config

Targets

    • Target

      f0afec022f8492766bfefd0d07ef8abf_JaffaCakes118

    • Size

      331KB

    • MD5

      f0afec022f8492766bfefd0d07ef8abf

    • SHA1

      45d06e99fa1f60b461a4f7bf80f1c96bc3d010eb

    • SHA256

      f02074eeb1cba11ac24a507940543b0ffb18121b7a23a556bfb53e0c74a8fc84

    • SHA512

      c7bd8afaf24a0717c99a05b5fc3b6c4069902a9e70c68ac9cd5c2cf8328aeed8cfffe8f456acd1fbf5a6c117bc8473f38e3ebd12df88ac6b05727cab60903dcd

    • SSDEEP

      6144:WXTN626ii5qvbmh/Jv9khqOHl/DaNq8dMdfwMhUDL3dRjCANctUcmRYXul9hgDh:6qUcMqwl/DaNqfwMECAKytll9hgDh

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, and its Wow6432Node and HKCU equivalents) to enumerate the software installed on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that Internet Explorer loads in-process as plugins; they are registered by CLSID under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects, with the DLL path in that CLSID's InprocServer32 key.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/Math.dll

    • Size

      66KB

    • MD5

      468914ab4ea3afc6fda29031c758394e

    • SHA1

      d3b632778a03567efa761401151bfe80d0fe956c

    • SHA256

      8a8d78657f0f6b44f18b16e7eea3e62eef6720e04cd2efc820d62bbe987afac1

    • SHA512

      0b3df17a3a17a82ba7092ff384c7d820d9f1103fcfa732fb399cf0ff065ec6913a73bea433e19ad787bccf272059e39d196322445d9a6327bb25738f343926ce

    • SSDEEP

      1536:zPyr/G6SdHg4amq2MwtmIuqFVxL9NvImlRo:z6AHg6bH5lq

    Score
    3/10
    • Target

      $PLUGINSDIR/NSISdl.dll

    • Size

      14KB

    • MD5

      997ae296af5b7ca9aaa52f6844075439

    • SHA1

      9814f0b09219ac2eed875d842b9362c3b32bec6f

    • SHA256

      1d74275fb0ddcb7c01a92c4ea5c7ef137cdfa0b48ae2b293f0ea178b355cbaa8

    • SHA512

      a81ee17129278a185e91f6615da2d9e47940580fcaac3806ace17a0c0e48995f8e85de6deedcec502782141acd381fb7dd1c72a93fcd40112afadc3741572349

    • SSDEEP

      192:u4lsN55M8r67wmsvJI5a299sfoG8I+WhPB3RY+h/G3DNl/qYcVp/126gszA:uysdM80dCI5a2LsQ5IlPNRY00AlACU

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      10KB

    • MD5

      32465a07028b927b22c38e642c2cb836

    • SHA1

      309cac412b2ecf6a36f6e989c828afcdd8c7a6e4

    • SHA256

      eda545d4dcb37098a90fce9692d5094bb56897f04eff6d40e3dedd122a4d1292

    • SHA512

      9d886a722bbbb5d8d77e97d256057fe685f1932042257a8382e13548fe835d01c64de65e2b5ad2c2ff99692b14c924e6ddb84797f6224f1772e8699b421e6aff

    • SSDEEP

      192:gO6dJA/ruAFEiUdWWE6hE5RYUdJfbub1axgMO:ZKAFERdlxhGRYUzqZax

    Score
    3/10
    • Target

      $PLUGINSDIR/nsBrowserOpt.dll

    • Size

      315KB

    • MD5

      716f84312a370cbb59e89770016ac76d

    • SHA1

      c804e0c5471e63071d4b480d53cc8faf333b9984

    • SHA256

      6dee4487d5ffb10ada3cb4e4f8124ac445870cf38e3eb0df0be1ec1d9088267e

    • SHA512

      2bf06e57edaa7c41466c2c3aebfdde097b376bfc13b214f5e90b2770e9756cb249f8e1978b92cf3b32cfede68b8b234537aea84d8c270e3222311cf6358ae975

    • SSDEEP

      6144:6creMAt6kGYFZFsgNsYXnzI0LdG91TBLMZk4C/L:62eMA8XYdhNsY3zIKg1TRMZktL

    Score
    1/10
    • Target

      $SYSDIR/adzgalore-remove.exe

    • Size

      99KB

    • MD5

      31709de9a5d9f2906dce36c836e4e055

    • SHA1

      cc59ca78fa077fff9384570189ac16b091bf49ec

    • SHA256

      21f7cb13c3a8d35e8533ffa55485a4c1c7c35e41d93893cbc0dda43b3b00e7e5

    • SHA512

      bfd57f3bf8ec9c7ed04e51e67b2e0f0428cb811f0d1bf2015b78a0d5e93c65aa4da1648fe49bfecd88b7f613ef6ba4b9106fc19053c39d96011d0f18ce2ddf74

    • SSDEEP

      1536:WUeHiWRgkkjH8nyWmJPnWb/Nv07LVpN6MzPY0rBAWCKSjqBkHBTXHccDuVbH8k5O:Wd/vyWmJqG7/wu6WCqGdccDc775kMZI

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      117KB

    • MD5

      cd6e705cc6992e869f488ab211ac37cb

    • SHA1

      c9c71edd929c15bcf5ee286d4a9e9259d1590eb5

    • SHA256

      44e729371099650904bcd5db0af7fdad6ffc01e336ae464f0bb151f329175292

    • SHA512

      460173bbcff640721e54bb403e1f46d274e649a9db7d3b83d009a7f00354d434874dfdc009679e98cfb05548801b9eee78c25fe17b083fac396087ad3327debf

    • SSDEEP

      1536:G8jeHR5cxDyiJu+Sp3o7lCNj+fgERBNxOtyg5Fu/oZSY0vXuHznnULYU455YQ+5:tZHK4Z2j+fP31gu3eHTnULB455y

    Score
    3/10
    • Target

      $PLUGINSDIR/NSISdl.dll

    • Size

      14KB

    • MD5

      997ae296af5b7ca9aaa52f6844075439

    • SHA1

      9814f0b09219ac2eed875d842b9362c3b32bec6f

    • SHA256

      1d74275fb0ddcb7c01a92c4ea5c7ef137cdfa0b48ae2b293f0ea178b355cbaa8

    • SHA512

      a81ee17129278a185e91f6615da2d9e47940580fcaac3806ace17a0c0e48995f8e85de6deedcec502782141acd381fb7dd1c72a93fcd40112afadc3741572349

    • SSDEEP

      192:u4lsN55M8r67wmsvJI5a299sfoG8I+WhPB3RY+h/G3DNl/qYcVp/126gszA:uysdM80dCI5a2LsQ5IlPNRY00AlACU

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      10KB

    • MD5

      32465a07028b927b22c38e642c2cb836

    • SHA1

      309cac412b2ecf6a36f6e989c828afcdd8c7a6e4

    • SHA256

      eda545d4dcb37098a90fce9692d5094bb56897f04eff6d40e3dedd122a4d1292

    • SHA512

      9d886a722bbbb5d8d77e97d256057fe685f1932042257a8382e13548fe835d01c64de65e2b5ad2c2ff99692b14c924e6ddb84797f6224f1772e8699b421e6aff

    • SSDEEP

      192:gO6dJA/ruAFEiUdWWE6hE5RYUdJfbub1axgMO:ZKAFERdlxhGRYUzqZax

    Score
    3/10
    • Target

      $_5_

    • Size

      306KB

    • MD5

      dc21e047a5c144e913f368423786d6cc

    • SHA1

      272ae16afdbe0994ad797996ede07b8e045ca036

    • SHA256

      b7f8e9c663515cc1e1deaddabe285959c668ffc6346d82ae97e35f021d30afa9

    • SHA512

      301689078e21b17ae27e5a4e6f3235510b0c3ec2d1ec022ba5ac0c1b12e4e0bbf18d538a0ee362b39a0ad8667223c15f2b2a7e7a2315bbcdbd73545582bce9bd

    • SSDEEP

      6144:x5kv9YzFPA0N7azcPFqR5pTE714TB/9VfzhiN:x5kv9YNDgzcP6C714T19Vfzm

    Score
    6/10
    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that Internet Explorer loads in-process as plugins; they are registered by CLSID under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects, with the DLL path in that CLSID's InprocServer32 key.
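
The target names above use NSIS installer variables: $PLUGINSDIR is the installer's temporary plugin directory, $SYSDIR is the Windows system directory, and $_5_ is a user variable as shown by NSIS decompilers. Math.dll, NSISdl.dll, System.dll and InstallOptions.dll are stock NSIS plugins, which is why they score low; the files worth tracking are adzgalore-remove.exe, nsBrowserOpt.dll and the $_5_ payload. The Python below is an added example, not part of the sandbox report or the sample: it correlates Sysmon-style events (FileCreate, ProcessCreate, ImageLoad, RegistryEvent SetValue) into the signatures the report lists and matches loaded or executed images against the dropped-file SHA256 values from the report. The event records, process IDs, temp path and CLSID are constructed placeholders; only the SHA256 digests come from the report.

```python
"""Correlate Sysmon-style events into the behaviours this report lists.

Added example (not part of the sandbox report).  The events below are
constructed for illustration; only the SHA256 values come from the report.
"""
import re

# SHA256 of the dropped files reported above (report data, not constructed).
REPORT_SHA256 = {
    "21f7cb13c3a8d35e8533ffa55485a4c1c7c35e41d93893cbc0dda43b3b00e7e5": "$SYSDIR/adzgalore-remove.exe",
    "6dee4487d5ffb10ada3cb4e4f8124ac445870cf38e3eb0df0be1ec1d9088267e": "$PLUGINSDIR/nsBrowserOpt.dll",
    "b7f8e9c663515cc1e1deaddabe285959c668ffc6346d82ae97e35f021d30afa9": "$_5_",
}

# Registry path every IE BHO must be registered under (one CLSID subkey each).
BHO_KEY = re.compile(r"\\Explorer\\Browser Helper Objects\\\{[0-9A-Fa-f-]{36}\}")
# Windows system directory in either architecture view.
SYSTEM_DIR = re.compile(r"^[A-Za-z]:\\Windows\\(System32|SysWOW64)\\", re.I)


def sha256_from_hashes(field):
    """Pull SHA256 out of Sysmon's 'Hashes' field ('MD5=...,SHA256=...')."""
    for part in field.split(","):
        algo, _, digest = part.partition("=")
        if algo.strip().upper() == "SHA256":
            return digest.strip().lower()
    return None


def _check_ioc(hashes_field, findings):
    digest = sha256_from_hashes(hashes_field)
    if digest in REPORT_SHA256:
        findings.append(("Matches report IOC", REPORT_SHA256[digest]))


def correlate(events):
    """Walk events in time order and return (signature, detail) findings.

    'created' remembers every file path written (EID 11) so that a later
    process start (EID 1) or image load (EID 7) of that path is recognised
    as a dropped binary being used.  Registry *reads*, such as the
    Uninstall-key enumeration the report lists, produce no Sysmon event,
    so that behaviour cannot be detected from this telemetry.
    """
    created = set()
    findings = []
    for ev in events:
        eid = ev["EventID"]
        if eid == 11:                                   # FileCreate
            path = ev["TargetFilename"]
            created.add(path.lower())
            if SYSTEM_DIR.match(path):
                findings.append(("Drops file in System32 directory", path))
        elif eid == 1:                                  # ProcessCreate
            if ev["Image"].lower() in created:
                findings.append(("Executes dropped EXE", ev["Image"]))
            _check_ioc(ev.get("Hashes", ""), findings)
        elif eid == 7:                                  # ImageLoad
            if ev["ImageLoaded"].lower() in created:
                findings.append(("Loads dropped DLL", ev["ImageLoaded"]))
            _check_ioc(ev.get("Hashes", ""), findings)
        elif eid == 13:                                 # RegistryEvent (SetValue)
            if BHO_KEY.search(ev["TargetObject"]):
                findings.append(("Installs/modifies Browser Helper Object", ev["TargetObject"]))
    return findings


# Constructed sample telemetry: installer pid 1234 drops and uses its payloads,
# then unrelated benign activity.  CLSID, temp path and notepad hash are placeholders.
SAMPLE_EVENTS = [
    {"EventID": 11, "ProcessId": 1234,
     "TargetFilename": r"C:\Users\Public\AppData\Local\Temp\nsa1234.tmp\nsBrowserOpt.dll"},
    {"EventID": 7, "ProcessId": 1234,
     "ImageLoaded": r"C:\Users\Public\AppData\Local\Temp\nsa1234.tmp\nsBrowserOpt.dll",
     "Hashes": "MD5=716F84312A370CBB59E89770016AC76D,SHA256=6DEE4487D5FFB10ADA3CB4E4F8124AC445870CF38E3EB0DF0BE1EC1D9088267E"},
    {"EventID": 11, "ProcessId": 1234,
     "TargetFilename": r"C:\Windows\System32\adzgalore-remove.exe"},
    {"EventID": 13, "ProcessId": 1234,
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}\NoExplorer"},
    {"EventID": 1, "ProcessId": 5678, "ParentProcessId": 1234,
     "Image": r"C:\Windows\System32\adzgalore-remove.exe",
     "Hashes": "SHA256=21F7CB13C3A8D35E8533FFA55485A4C1C7C35E41D93893CBC0DDA43B3B00E7E5"},
    {"EventID": 11, "ProcessId": 4321, "TargetFilename": r"C:\Users\Public\Documents\notes.txt"},
    {"EventID": 1, "ProcessId": 9999, "ParentProcessId": 4321,
     "Image": r"C:\Windows\System32\notepad.exe", "Hashes": "SHA256=" + "0" * 64},
]

if __name__ == "__main__":
    for signature, detail in correlate(SAMPLE_EVENTS):
        print(f"{signature}: {detail}")
```

Run as-is it reports six findings for the constructed stream (the DLL load, the System32 drop, the BHO registration, the dropped EXE start, and the two IOC hash matches) and nothing for the benign events. The file-created set is keyed on the full path, so a dropped file that is renamed before use needs EID 2/11 rename tracking on top of this, and the Sysmon configuration must actually include the Browser Helper Objects key and ImageLoad events for the corresponding branches to ever fire.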

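For host-side verification of the two registry behaviours above (the BHO registration and the Uninstall-key enumeration), the following added Python, which is not from the report or the sample, parses a regedit 5.00 export, resolves each registered BHO CLSID to its InprocServer32 DLL, flags DLLs living in System32 or a Temp directory, and lists the DisplayName values the sample would see when it walks the Uninstall key. The export text, CLSIDs, product names and DLL paths are constructed placeholders.

```python
"""Find IE Browser Helper Objects and installed software in a .reg export.

Added example (not part of the sandbox report).  The export text below is
constructed; its CLSIDs, product names and DLL paths are placeholders.
"""
import re

BHO_ROOT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
UNINSTALL_ROOT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
CLSID_ROOT = r"HKEY_CLASSES_ROOT\CLSID"
# A legitimately installed BHO does not normally live in the system or a temp directory.
SUSPECT_DIRS = re.compile(r"\\(System32|SysWOW64|Temp)\\", re.I)


def parse_reg(text):
    """Parse a regedit 5.00 export into {key: {value_name: value}}.

    Handles the value forms a BHO/Uninstall dump uses: quoted strings (with
    \\ and \" unescaped), dword:XXXXXXXX (as int) and the default value '@'.
    Anything else (hex(…) blobs) is kept verbatim.
    """
    reg, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            reg[current] = {}
            continue
        name, _, raw = line.partition("=")
        name = "@" if name == "@" else name.strip('"')
        if raw.startswith('"'):
            value = raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
        elif raw.startswith("dword:"):
            value = int(raw[6:], 16)
        else:
            value = raw
        reg[current][name] = value
    return reg


def browser_helper_objects(reg):
    """Resolve each registered BHO CLSID to its DLL and flag odd locations."""
    results = []
    for key in reg:
        if not key.startswith(BHO_ROOT + "\\"):
            continue
        clsid = key[len(BHO_ROOT) + 1:]
        dll = reg.get(f"{CLSID_ROOT}\\{clsid}\\InprocServer32", {}).get("@", "<no InprocServer32>")
        name = reg.get(f"{CLSID_ROOT}\\{clsid}", {}).get("@", "")
        suspicious = dll.startswith("<") or bool(SUSPECT_DIRS.search(dll))
        results.append({"clsid": clsid, "name": name, "dll": dll, "suspicious": suspicious})
    return results


def installed_software(reg):
    """What the sample sees when enumerating the Uninstall key: one DisplayName per subkey."""
    names = []
    for key, values in reg.items():
        if key.startswith(UNINSTALL_ROOT + "\\"):
            names.append(values.get("DisplayName", key.rsplit("\\", 1)[1]))
    return sorted(names)


# Constructed export: one BHO served from System32 (suspicious), one from
# Program Files (baseline), and two Uninstall entries.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}]
@=""
"NoExplorer"=dword:00000001

[HKEY_CLASSES_ROOT\CLSID\{11111111-2222-3333-4444-555555555555}]
@="Browser Optimizer"

[HKEY_CLASSES_ROOT\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\Windows\\System32\\example-bho.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}\InprocServer32]
@="C:\\Program Files\\Example Vendor\\Toolbar\\toolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleVendorToolbar]
"DisplayName"="Example Vendor Toolbar"
"UninstallString"="C:\\Program Files\\Example Vendor\\Toolbar\\uninstall.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99999999-0000-0000-0000-000000000000}]
"DisplayName"="Example Antivirus"
'''

if __name__ == "__main__":
    parsed = parse_reg(SAMPLE_EXPORT)
    for bho in browser_helper_objects(parsed):
        print(("SUSPICIOUS " if bho["suspicious"] else "ok         ") + f'{bho["clsid"]} {bho["name"]!r} -> {bho["dll"]}')
    print("Installed:", ", ".join(installed_software(parsed)))
```

On a live host export the keys with `reg export` for HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer, HKCR\CLSID and the Uninstall key, and read the file with `encoding="utf-16"`, since regedit writes UTF-16 with a BOM. On 64-bit Windows the 32-bit IE view registers under the Wow6432Node equivalents of BHO_ROOT and CLSID_ROOT, so run the same resolution over those paths as well.
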
MITRE ATT&CK Enterprise v15

Tasks