General

  • Target: 157490c752dc0efea2362c231d7fb1b8_JaffaCakes118
  • Size: 634KB
  • Sample: 241005-apg9fayfpe
  • MD5: 157490c752dc0efea2362c231d7fb1b8
  • SHA1: e2f428653cadaf9527d0ee9b334090bf71db2305
  • SHA256: e9a16bf27f5e2b25e034648a8d0e0b50afc3fa2060caa273ce941aed18b4653d
  • SHA512: c135783b9a2a750915d99b35419ed70503dc2516238234fd0b5a77bd39b5fc4c3bc84cd5344fd368b6a0f56da6e8981221e6111ea3faa80ab307c0650c37469c
  • SSDEEP: 12288:TseqPx/S/vG4GjeZHkwuPikQ7lKH5p5H9x11eZHkwuliXQTlKB5pixyiR0:TTqPVEG4GjeZEXi37l6Br11eZEdigTlG

Malware Config

Targets

    • Target: 157490c752dc0efea2362c231d7fb1b8_JaffaCakes118
    • Size: 634KB
    • MD5: 157490c752dc0efea2362c231d7fb1b8
    • SHA1: e2f428653cadaf9527d0ee9b334090bf71db2305
    • SHA256: e9a16bf27f5e2b25e034648a8d0e0b50afc3fa2060caa273ce941aed18b4653d
    • SHA512: c135783b9a2a750915d99b35419ed70503dc2516238234fd0b5a77bd39b5fc4c3bc84cd5344fd368b6a0f56da6e8981221e6111ea3faa80ab307c0650c37469c
    • SSDEEP: 12288:TseqPx/S/vG4GjeZHkwuPikQ7lKH5p5H9x11eZHkwuliXQTlKB5pixyiR0:TTqPVEG4GjeZEXi37l6Br11eZEdigTlG

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

    • Target: $PLUGINSDIR/aminsis.dll
    • Size: 559KB
    • MD5: 51ba1095f0ae45a2d444bea506cb9ad4
    • SHA1: 038a5d53d055a6d440bd2c8864c2f51db206c5e5
    • SHA256: b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539
    • SHA512: f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361
    • SSDEEP: 12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN

    Score: 3/10

    • Target: ffMediaWatchV1home4594chaction.js
    • Size: 834B
    • MD5: 9a1b5ada358100bd7e71c9dfe9f26765
    • SHA1: f5179b9a4f25d45d4d5877aba3baae36ee02c1db
    • SHA256: 84b7190cf791c6bbc8fedaaf47c8d98d53adc293cd5378ea9ad3aea663f36cb0
    • SHA512: 510ab36e7e14ae5c11be08d4b428880badf042def9a7bae5597a8d510b52e72a60584ca21a9f5795fcd33e8dc8b14a19ff5bb5a7ea1d9cccb947d7f60f896dcb

    Score: 3/10

    • Target: ff/chrome/content/ffMediaWatchV1home4594.js
    • Size: 747B
    • MD5: 25b7021481c8483ea0693dd0c1af831c
    • SHA1: d9e88d7e20e599367c353a791b675c31eb379ead
    • SHA256: 82b218e5909c81e1a595cd350a9f2ed00be0ec4fd52509620d51a1466ca5375f
    • SHA512: 4b55451ccfe32b34e6d34a9ae83a80999a25b3bfcb922358770cba4d8c2be7011fab072c9a6ff217f2e4906f71dc19819ee0daff0bc2d01bf3b50a8a035e9333

    Score: 3/10

    • Target: ff/chrome/content/ffMediaWatchV1home4594ffaction.js
    • Size: 678B
    • MD5: d1c158f0c427e81f25a17cee560fa767
    • SHA1: 7c752b6bf955a927d0fc447f30060ebea85d4107
    • SHA256: fe08b1045df9dd6d638504daeab7c013c8fb4b6fd7b0d0947e63367c208244c3
    • SHA512: 121d1237a94398d92b0118790c5c50e64c3ab13ca81e2660f8751652de69fbcfee5385f4489be6c3c6b84e13846088fe966b61062d7ab46e57de66e1570be9da

    Score: 3/10

    • Target: ie/MediaWatchV1home4594.dll
    • Size: 85KB
    • MD5: 35efde5cafaf74969b9595d9195c5c36
    • SHA1: c46072e9236726b3557875b5ec11555595e2acbc
    • SHA256: a44206501dfe1efbd357ca6c0b837719d61b8aadda022bcafcdb2ad7a74fa50c
    • SHA512: c0efbfe02d006338fff2cbb8f41a2457f4bab14934ca75a8e78fb6a624e35cfc8ac4a7ad478189b5e91b3c1344825cf4d76dbc86f0f8c951d0f36ae8cabc8eab
    • SSDEEP: 1536:AMflScQkG04RvxtakrOb8Dkx4BHgNglQaeF:rlikG0EbakrOIBA+aaeF

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target: uninstall.exe
    • Size: 285KB
    • MD5: c3638de2fb621a9cad4c7f48514fddd5
    • SHA1: 4255ed7cb7fb7616e930bdc8e697df270cb957e1
    • SHA256: f0a39fb0c5389dd2c8a334ccf4e411eda98c73aad140ee078126d2c6ef87bad7
    • SHA512: 4b2ec3a8245e5ef1e728f5895b7eb30935f975bb9abc44edd50490be0a738d001a31f866836cfc1459cc4720cec22efeb22e2f718784b398d5c7cb9ee2825e8b
    • SSDEEP: 6144:Ee34krpeZH+zpyuuz6GZkDOJ/7OafSH5KmrWym09x1y:BFeZHkwuPikQ7lKH5p5H9x1y

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Target: $PLUGINSDIR/aminsis.dll
    • Size: 559KB
    • MD5: 51ba1095f0ae45a2d444bea506cb9ad4
    • SHA1: 038a5d53d055a6d440bd2c8864c2f51db206c5e5
    • SHA256: b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539
    • SHA512: f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361
    • SSDEEP: 12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN

    Score: 3/10

MITRE ATT&CK Enterprise v15

Tasks