d7e640e5e8e27f65fadcbc4058034fce05fed339e924d447686920cfc32c92a7

Sharing

Copy URL

Twitter E-mail

General

Target

1575c09a5ef219f0349ea4629e6ba837_JaffaCakes118
Size

657KB
Sample

241005-aqrjhavckj
MD5

1575c09a5ef219f0349ea4629e6ba837
SHA1

afa498650211042072875524a2c533bebd32302e
SHA256

d7e640e5e8e27f65fadcbc4058034fce05fed339e924d447686920cfc32c92a7
SHA512

680e2b8113a9fed00d6a1c109f6178448b5afa22e42e69356853c957264b5fdd44a458f621a11c6f05199c2e2049c2e717fd5cd810cffce58470b70b9e262056
SSDEEP

12288:faXYop67gG4GQTq4OaQQTYJ8eP4/L5uO7D3f5Biq4yaPQTMJ8ePB/x5uO7jU26A/:faI667gG4GQm4OaHYJ8eP4D5uOHBBX4p

Score

7^/10

Malware Config

Targets

- Target
  
  1575c09a5ef219f0349ea4629e6ba837_JaffaCakes118
- Size
  
  657KB
- MD5
  
  1575c09a5ef219f0349ea4629e6ba837
- SHA1
  
  afa498650211042072875524a2c533bebd32302e
- SHA256
  
  d7e640e5e8e27f65fadcbc4058034fce05fed339e924d447686920cfc32c92a7
- SHA512
  
  680e2b8113a9fed00d6a1c109f6178448b5afa22e42e69356853c957264b5fdd44a458f621a11c6f05199c2e2049c2e717fd5cd810cffce58470b70b9e262056
- SSDEEP
  
  12288:faXYop67gG4GQTq4OaQQTYJ8eP4/L5uO7D3f5Biq4yaPQTMJ8ePB/x5uO7jU26A/:faI667gG4GQm4OaHYJ8eP4D5uOHBBX4p
Score

7^/10

adware discovery spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/aminsis.dll
- Size
  
  567KB
- MD5
  
  450753ad96785a240a39deccab3af0d0
- SHA1
  
  21c544064d2ffa6444508268ce258a330d459fc5
- SHA256
  
  1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3
- SHA512
  
  c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab
- SSDEEP
  
  12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  ffRichMediaViewV1release3307chaction.js
- Size
  
  864B
- MD5
  
  d80caef517727b5525f5833e14af37aa
- SHA1
  
  463d56e8a63332f5bf0fb00a76961a2c304848fc
- SHA256
  
  a56cf7b60fb7a7b0f446960176835f53d7cff812b6507f020c7d24f101a5069e
- SHA512
  
  9f9fb0271c0cfde1ab5d0766b785111821633d6b52dd8986de7d42142759b59113914633bb2926cb00da83423527919c80543a1827f4cd1edaf954e1286d7e96
Score

3^/10

execution
behavioral5 behavioral6
- Target
  
  ff/chrome/content/ffRichMediaViewV1release3307.js
- Size
  
  765B
- MD5
  
  794d7e9d2f0949aa97da561d38549991
- SHA1
  
  26b68e1df979e901e0b916c1e7eeec33dca28c69
- SHA256
  
  2edb9e72138ba8df827fdaa4273ea387f8736a1d6fd6ba990028891d1f414df4
- SHA512
  
  cfede557786b014f87c5abe39e2dd06201e57a231589a14ebeb7b6911e2398e212df3ef2b1a4320692bce91c41e60c2047513242f6f4f3f3512ce6a7727780a5
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  ff/chrome/content/ffRichMediaViewV1release3307ffaction.js
- Size
  
  702B
- MD5
  
  d28f725a2093c89d98da8783bac4918b
- SHA1
  
  555bd337aa28cb5c68a10c64cf206c0bd2a12f3e
- SHA256
  
  3024eeb9443c499c853983396ee97cae966e492ea28241e1b36f0b0d06fcb7a3
- SHA512
  
  51b28b97cb09eed31c6b1ff1856ebe60895abdafc99d1b957c68a08b59cc019f411d299f70453115fd53fdc9333ea625ed2fb2300961cfb39aa466883d2f0489
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  ie/RichMediaViewV1release3307.dll
- Size
  
  85KB
- MD5
  
  6bd591266618019cc108739ec08805a1
- SHA1
  
  969d0546c80596a280fd46ad696d7881dac544aa
- SHA256
  
  4b7242ebbe68c02194fd83e99d8b24b93f7509419d8da9be28d0ba123a43a7f3
- SHA512
  
  afc17d3dc1d0a567a99c29a979a892cd53e105306574de128a77803090082e477029995a3dfd95a3eef02642cac635bc1bece069190a41a1df357471a41a221d
- SSDEEP
  
  1536:ihMWCsgyMIwP/t6hp1ZcTkrC1cCTfLlQ2JR9KS:vWKyMIwP16hp1Scga2JL3
Score

6^/10

adware discovery stealer
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral11 behavioral12
- Target
  
  uninstall.exe
- Size
  
  289KB
- MD5
  
  60ea945ed566b62778c9fd7af4d44779
- SHA1
  
  35150a90a389de74868db3fde5a24a887274ab1b
- SHA256
  
  166907ab32fb1dc568063424ac921810e850f2214438804a434b5becafe68d01
- SHA512
  
  817f736801fe2ac8bdb6fdf3deabd9abc944c12f2228565014c2ce1d68e960de1a74843aeff7713baa0d46ffb75be4913553cbc803b7283d91a8055b8b07373f
- SSDEEP
  
  6144:Ue34g0Rg4l8ai5PQtTZ763J8eWW43YLYjn5uO7D32fuCa7Bme:l0q4OaQQTYJ8eP4/L5uO7D3f5Br
Score

7^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/aminsis.dll
- Size
  
  567KB
- MD5
  
  450753ad96785a240a39deccab3af0d0
- SHA1
  
  21c544064d2ffa6444508268ce258a330d459fc5
- SHA256
  
  1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3
- SHA512
  
  c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab
- SSDEEP
  
  12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU
Score

3^/10

discovery
behavioral15 behavioral16