138ad0b7d4f6f64be0b7a6227a794662272858a1a2f5665b6c5f9a4e0f282e85

Sharing

Copy URL

Twitter E-mail

General

Target

0a29134064c19d23dc603947eb8e44a7_JaffaCakes118
Size

657KB
Sample

241002-l9j5bavbqg
MD5

0a29134064c19d23dc603947eb8e44a7
SHA1

a8388c728afba35e4cc231afed9041ba3edde255
SHA256

138ad0b7d4f6f64be0b7a6227a794662272858a1a2f5665b6c5f9a4e0f282e85
SHA512

59bb28c0c3732ca465c39f05f96abe203364e4d1d2e4c0d5e9bcca37aa2bdbc9d099d07fefdafb8b72654b4c1eae907738690d63bf82da0d3a093055ac3aa929
SSDEEP

12288:MBAKKzA/yG4GQTq4OaQQTYJ8eP4/L5uO7D3f5BnSq4IalQTSJ8ePt/t5uO7EU26m:MBAXAqG4GQm4OaHYJ8eP4D5uOHBBH4IH

Score

7^/10

Malware Config

Targets

- Target
  
  0a29134064c19d23dc603947eb8e44a7_JaffaCakes118
- Size
  
  657KB
- MD5
  
  0a29134064c19d23dc603947eb8e44a7
- SHA1
  
  a8388c728afba35e4cc231afed9041ba3edde255
- SHA256
  
  138ad0b7d4f6f64be0b7a6227a794662272858a1a2f5665b6c5f9a4e0f282e85
- SHA512
  
  59bb28c0c3732ca465c39f05f96abe203364e4d1d2e4c0d5e9bcca37aa2bdbc9d099d07fefdafb8b72654b4c1eae907738690d63bf82da0d3a093055ac3aa929
- SSDEEP
  
  12288:MBAKKzA/yG4GQTq4OaQQTYJ8eP4/L5uO7D3f5BnSq4IalQTSJ8ePt/t5uO7EU26m:MBAXAqG4GQm4OaHYJ8eP4D5uOHBBH4IH
Score

7^/10

adware discovery spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/aminsis.dll
- Size
  
  567KB
- MD5
  
  450753ad96785a240a39deccab3af0d0
- SHA1
  
  21c544064d2ffa6444508268ce258a330d459fc5
- SHA256
  
  1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3
- SHA512
  
  c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab
- SSDEEP
  
  12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  ffRichMediaViewV1release203chaction.js
- Size
  
  859B
- MD5
  
  4d9bbd82090bb30eeff6ecb0f9cb72a5
- SHA1
  
  805dcc41897b1516bbbd5fb44b8cc9c8515fc776
- SHA256
  
  211572504dab0a29dabb88844402c1afde6d17727b490d2200bf2e49ad25dc6d
- SHA512
  
  24612f262120ca575a06d4be7f448ab02eb0b5b97621af0e6e33964fe2d00e306f368477be374d3516576c3f8d3560215b69ac53a6ba8084af8fc530f58c4c86
Score

3^/10

execution
behavioral5 behavioral6
- Target
  
  ff/chrome/content/ffRichMediaViewV1release203.js
- Size
  
  762B
- MD5
  
  991a69dffd11b9d4143603714d6ea69d
- SHA1
  
  67d58aac2b2dce65a7993deed95d4d4eff6a0217
- SHA256
  
  1d08eb8c7f1aa2c3840e062f68667ec0fa92552b148f9b46095799214ab3d974
- SHA512
  
  9a94676fb1686e5fcb3325bd720d57da6550fd17be6e0ad1048a52ba80fcf4a9096384b10778c9ff985fafef38d2eface84b3fee6b2f05356d8cfa5d98616772
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  ff/chrome/content/ffRichMediaViewV1release203ffaction.js
- Size
  
  698B
- MD5
  
  8717ab9d7ff2a09da0f70f39957ffb7d
- SHA1
  
  5b105781c2283fbbc2af0bc36b122102bb23ba77
- SHA256
  
  605871572a154be401a8284a228d2665c4da230f1cbeb8614362b53ef7baba66
- SHA512
  
  afe21ecc7a985af2e518d026e827b9d0edf1220f09f80b6704d21a31ce87f194c6ce441da70abdf59eee2045bd894da231800a4c1da3447205ee687b42be4382
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  ie/RichMediaViewV1release203.dll
- Size
  
  85KB
- MD5
  
  f4ddc34a9b812597c86d0bcee2da1c81
- SHA1
  
  7ba6c712bb176f566f44874a9218b6852e59cf4b
- SHA256
  
  baeed16699b3c67d4801c1722017c9d95dace3e7c8ec97898c7f1282c9ec6c3a
- SHA512
  
  fc22416eed502cd486ceeb607df507a43684647a630fcaf6715e8f9f2a2535538d55c58923335126bb7523d937025f005ae9b11fb4aa7451251329822f10a6d0
- SSDEEP
  
  1536:ckf9Csc+EE7Msd5N60GlVk8jkrwKCnqLhPLlQGpcNBZ:/9++EEwsJ6FlVKCnmaGpcd
Score

6^/10

adware discovery stealer
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral11 behavioral12
- Target
  
  uninstall.exe
- Size
  
  289KB
- MD5
  
  a4c64f94c3ac1328a81ffb424dabd8f2
- SHA1
  
  03cafc85d8c87298f155c17b8a4352bda1e1bb3d
- SHA256
  
  becce6bc580c5088bd6d62d03864602c33c9fe675d7a6ea3e12b41dfbe69f9cf
- SHA512
  
  cf97b34debced868d216e38d9739f9fc98cb59d8f28dae53dab43d74e1b61895da6246f1248189b569154b94c429e7a3b19c77fe668b2f7123886b2df7cd6354
- SSDEEP
  
  6144:Ue347ySRg4l8ai5PQtTZ763J8eWW43YLYjn5uO7D32fuCa7BmC:SySq4OaQQTYJ8eP4/L5uO7D3f5Bn
Score

7^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/aminsis.dll
- Size
  
  567KB
- MD5
  
  450753ad96785a240a39deccab3af0d0
- SHA1
  
  21c544064d2ffa6444508268ce258a330d459fc5
- SHA256
  
  1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3
- SHA512
  
  c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab
- SSDEEP
  
  12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU
Score

3^/10

discovery
behavioral15 behavioral16