8d815e71da8cfbbb387dfed1ebec0e48c348c920b5b3509d2a4fea2bbc6e7b12

Sharing

Copy URL

Twitter E-mail

General

Target

16476e48d113ddd515e30e7b54959bb1_JaffaCakes118
Size

657KB
Sample

241005-frw39s1fjh
MD5

16476e48d113ddd515e30e7b54959bb1
SHA1

6d3ffb196b8ff55e33b29dffaebb538a4965bb0e
SHA256

8d815e71da8cfbbb387dfed1ebec0e48c348c920b5b3509d2a4fea2bbc6e7b12
SHA512

0f93e9044f1cb03be76203c234d8574fa0bd94c9ea611b5c07b0fe80376a8c60889a4c3e5f5efad26c60345a7b3c9ed78391830014f2eb4d390a6d3f20bcdde7
SSDEEP

12288:NusL1fLUG4GQTq4OaQQTYJ8eP4/L5uO7D3f5B7q4karQTuJ8ePP/h5uO7kU26aIz:NJJfLUG4GQm4OaHYJ8eP4D5uOHBBO4kW

Score

7^/10

Malware Config

Targets

- Target
  
  16476e48d113ddd515e30e7b54959bb1_JaffaCakes118
- Size
  
  657KB
- MD5
  
  16476e48d113ddd515e30e7b54959bb1
- SHA1
  
  6d3ffb196b8ff55e33b29dffaebb538a4965bb0e
- SHA256
  
  8d815e71da8cfbbb387dfed1ebec0e48c348c920b5b3509d2a4fea2bbc6e7b12
- SHA512
  
  0f93e9044f1cb03be76203c234d8574fa0bd94c9ea611b5c07b0fe80376a8c60889a4c3e5f5efad26c60345a7b3c9ed78391830014f2eb4d390a6d3f20bcdde7
- SSDEEP
  
  12288:NusL1fLUG4GQTq4OaQQTYJ8eP4/L5uO7D3f5B7q4karQTuJ8ePP/h5uO7kU26aIz:NJJfLUG4GQm4OaHYJ8eP4D5uOHBBO4kW
Score

7^/10

adware discovery spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/aminsis.dll
- Size
  
  567KB
- MD5
  
  450753ad96785a240a39deccab3af0d0
- SHA1
  
  21c544064d2ffa6444508268ce258a330d459fc5
- SHA256
  
  1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3
- SHA512
  
  c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab
- SSDEEP
  
  12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  ffRichMediaViewV1release1189chaction.js
- Size
  
  864B
- MD5
  
  c6e1459f878a29a8254d5afe3b74ea30
- SHA1
  
  c737d79f67bbdf057fb771eeb9a99448120abe27
- SHA256
  
  8ebad29e4ba26c167b601bd9bae749e76338c50622fe5f83a543835a217f0a61
- SHA512
  
  619c2799c78f5a588c4ab68b5e1b9534e5d036a66f268498bb9480a62b4ea8d4693858a829efd6ef90be17c35374c40de330fd40a98c3c5468c373c94d541142
Score

3^/10

execution
behavioral5 behavioral6
- Target
  
  ff/chrome/content/ffRichMediaViewV1release1189.js
- Size
  
  765B
- MD5
  
  d0d7e6e22746bac624e30d94f02858fe
- SHA1
  
  d35acda081f915c39320d844bcda1b1c6f21e872
- SHA256
  
  d91d8fa104e56e95901c327675f95e35d653696d9ef9c93f368152323bca7049
- SHA512
  
  3822f96eed105ffd6059bc6c54c20175eb3fb3ebb39af617c1d132a3063f9021d40c1b4b770784c59528bf549c496d075fcbde5d2036a5d68982d2c3fecb5de1
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  ff/chrome/content/ffRichMediaViewV1release1189ffaction.js
- Size
  
  702B
- MD5
  
  2781cabd03264f9256f94385f8c65b6a
- SHA1
  
  b3cdcc088abc6884fb65d4cabdec0b249e785053
- SHA256
  
  6d807520e51cd8062af953d9ffb9dfe54eb147f320582f2f45d7562f3774cb5e
- SHA512
  
  883930c27d5ce49cec3bedf43a452764837986457406a1cbd777ea1532fcdbfd9eef46e72f658857c19b043dc312be2621a4cd4ef3c709c889d5981f085f9cad
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  ie/RichMediaViewV1release1189.dll
- Size
  
  85KB
- MD5
  
  8d1ebf74b3a4122dd145e8a900bf043a
- SHA1
  
  77816772fafdd868fab1b5d016dab7d081cd9669
- SHA256
  
  9f641a3e73d4ca9e8d911b987c0577613a3798feac3d1d0dde4dba829a78568d
- SHA512
  
  b071ca61749b9a8492912f98164c0ba1ad08f24d0ba7f43554d0cc66f6933267fffcb80c0c1e997a9a160b654626d3d621ee516963f72de0695c820512160e82
- SSDEEP
  
  1536:ShMWCsgyMIwP/t6hp1ZcTkrCxZCTfLlQ2pA6S:fWKyMIwP16hp1WZga2pAn
Score

6^/10

adware discovery stealer
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral11 behavioral12
- Target
  
  uninstall.exe
- Size
  
  289KB
- MD5
  
  972601600e0ec27520447df873d803dc
- SHA1
  
  0a7d98b94a6297d455e5258a348568fddc84df8f
- SHA256
  
  4d6a2b0a2293c763cc9f507f40b24ae7d78365fbc83ba952a634352e2a1e6664
- SHA512
  
  ca0acb6f5826dd0cd7fd63fe9a1bb6d2fd15a695df1034731da07161b53578248c4ad9b23b719558584cf46743af4b0b4156b784ac7359d315d47da70d3aff6a
- SSDEEP
  
  6144:Ue34O1Rg4l8ai5PQtTZ763J8eWW43YLYjn5uO7D32fuCa7Bmi:X1q4OaQQTYJ8eP4/L5uO7D3f5B/
Score

7^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/aminsis.dll
- Size
  
  567KB
- MD5
  
  450753ad96785a240a39deccab3af0d0
- SHA1
  
  21c544064d2ffa6444508268ce258a330d459fc5
- SHA256
  
  1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3
- SHA512
  
  c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab
- SSDEEP
  
  12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU
Score

3^/10

discovery
behavioral15 behavioral16