General

  • Target

    16d431c2e2862ee1caa00866610eafb2_JaffaCakes118

  • Size

    634KB

  • Sample

    241005-jtr4wayblb

  • MD5

    16d431c2e2862ee1caa00866610eafb2

  • SHA1

    3f458e8a1643f74f233da740d4136e9c8335f015

  • SHA256

    591a37517539a001143870761f3da71087556c5f3450bf929c26ac12ea7427f6

  • SHA512

    1236b08e3091ccb45f99b871d9dcda7a642cbef1727f61e6063a49b6fee0e1ab092788c40339549657ba719093c62eca13c238bbc6724f2c5222a9ec235ab593

  • SSDEEP

    12288:L2Kher0pqF5G4GjeZHkwuPikQ7lKH5p5H9x1beZHkwulinQZlKR5pxxoiR0:L2+qXG4GjeZEXi37l6Br1beZE9iQZl2O

Targets

    • Target

      16d431c2e2862ee1caa00866610eafb2_JaffaCakes118

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that act as plugins for Internet Explorer.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      559KB

    • MD5

      51ba1095f0ae45a2d444bea506cb9ad4

    • SHA1

      038a5d53d055a6d440bd2c8864c2f51db206c5e5

    • SHA256

      b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539

    • SHA512

      f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361

    • SSDEEP

      12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN

    • Score

      3/10

    • Target

      ffMediaWatchV1home1104chaction.js

    • Size

      834B

    • MD5

      b1fc71cf516c3dc771b82acc30a1a789

    • SHA1

      2d034726546b6731c56e482549dfbf86da07aabd

    • SHA256

      a690f5be01ebce9737a1e9122177e723f44a30218793d412d4e22f767a6ea79e

    • SHA512

      7c195f9e730c2dd1999e1cc5a8021a127d987ef7ab4812e8655b8adb5cdae9766dceeb09fbf94623cd8b4373a194a4ea70527702a29b77ce032eb3a5f9dd5d57

    • Score

      3/10

    • Target

      ff/chrome/content/ffMediaWatchV1home1104.js

    • Size

      747B

    • MD5

      580fbedc9d72f221521e08a05ab09200

    • SHA1

      5489255986c1ffca97f265f514fc36dc2c64254c

    • SHA256

      cf5a94dccd97fd358f8a94dc89d8dc1fbee14b4125a14feaf8593c6414a73725

    • SHA512

      d94e893e546ee649505420fd266f5457880b88659864e2ccf89e96e7b89a3998f9f7a420a6e79e7c56a7a4608ab896085a4fe329340d9b10efed9fd9c45650ab

    • Score

      3/10

    • Target

      ff/chrome/content/ffMediaWatchV1home1104ffaction.js

    • Size

      678B

    • MD5

      d6a2d1b0737b60f8775bbf8e85aad9eb

    • SHA1

      b6fbe0cd6f58910a96d4186f472e47f2c0c8d0d7

    • SHA256

      704c858c240a32a46234619e595f5a368e7c953571538299629078eb7b460e49

    • SHA512

      bec9f8ca2a303d5c912af2bbb697618c78ec1c0ae4a59deb60ec46b178de637fa4b27b5266eb4ed8b362dda100fe2e041e673e9c60b94de42a27fa81c80b122e

    • Score

      3/10

    • Target

      ie/MediaWatchV1home1104.dll

    • Size

      85KB

    • MD5

      b98d49f9d9ab1df0a82297113c63ee51

    • SHA1

      42f039721a0a17267615bfde7f9e8e2af4a90122

    • SHA256

      a08711f19e55112675c7f2cd63c934c828330d8b74e70a1d478d21140bce6015

    • SHA512

      6f0782a64a47163f23cbce0b9ee014369a8d58c211d854abdd8f05240615b7dd4704e68cfefec0fa2c7744cfc69193379c7ad18280c467b8ea0cc03323b57ce7

    • SSDEEP

      1536:rMflScQkG04RvxtakrOb8DkxRQHgNglQO+y:0likG0EbakrOhQA+aO+y

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that act as plugins for Internet Explorer.

    • Target

      uninstall.exe

    • Size

      285KB

    • MD5

      04d45b26661ce63e65f3e2d15bc8c249

    • SHA1

      ac16cf8e55207d101adc244b7014b4231ef01716

    • SHA256

      c3edb1a4223e6f3dd2483545d41f66a531c4f95b4fbf7dedd6b413cdf7e30c57

    • SHA512

      424be5f7d1363373ef3623fd66ff845b8e130aae1a2af5a5eb96f0d6873bc4c0359944cf179921fd0e3652f6f3f798eed1c7884126fbd5c3ef5405ed430a5ce3

    • SSDEEP

      6144:Ee34MspeZH+zpyuuz6GZkDOJ/7OafSH5KmrWym09x15:pweZHkwuPikQ7lKH5p5H9x15

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Target

      $PLUGINSDIR/aminsis.dll

    • Score

      3/10

MITRE ATT&CK Enterprise v15