General

  • Target

    25c4ae65e08b895279d287fa70cd0a53_JaffaCakes118

  • Size

    634KB

  • Sample

    241008-1eq2pssgqc

  • MD5

    25c4ae65e08b895279d287fa70cd0a53

  • SHA1

    2e21ecd493dd724e18727cfe3a833033dcc8bb8e

  • SHA256

    c206f93178517a08a5058271ad32c50769b4e2acd289411017324b87eaa4b42a

  • SHA512

    2da6dc8fb00e80cbaef9952d424ffd0d5e354835ed6457e106db4ebab5a57a95b785a7c2e75d045c2e67e4201a32217ec7455b3667ac6e76f7a061331673712a

  • SSDEEP

    12288:L9pNG4GjeZHkwuPikQ7lKH5p5H9x1WeZHkwuHi/QrlKd5pnxlMlfA:LZG4GjeZEXi37l6Br1WeZEfiYrleffM2
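Before doing anything with a sample pulled from a report like this one, confirm that the file on disk is the file the report describes. The following is an added example (not part of the original report or of any sandbox tooling) that streams a file through MD5, SHA1, SHA256 and SHA512 in a single pass and compares the result against the hashes listed above for the primary target; the comparison is case-insensitive because different tools print hex digests in different cases. The `b"abc"` input used for the self-check is a constructed value, not sample content.

```python
import hashlib

# Digests of the primary target exactly as listed in the report above.
REPORTED_HASHES = {
    "md5": "25c4ae65e08b895279d287fa70cd0a53",
    "sha1": "2e21ecd493dd724e18727cfe3a833033dcc8bb8e",
    "sha256": "c206f93178517a08a5058271ad32c50769b4e2acd289411017324b87eaa4b42a",
    "sha512": "2da6dc8fb00e80cbaef9952d424ffd0d5e354835ed6457e106db4ebab5a57a95"
              "b785a7c2e75d045c2e67e4201a32217ec7455b3667ac6e76f7a061331673712a",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_bytes(data: bytes) -> dict:
    """Compute all four digests of an in-memory buffer (small files, unpacked payloads)."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def digest_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Read the file once and feed every chunk to all four hash objects.

    A 634KB sample fits in memory easily, but the same loop handles
    multi-gigabyte memory dumps without loading them at once.
    """
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify(computed: dict, expected: dict) -> dict:
    """Return {algorithm: (expected, actual)} for every mismatch.

    An empty dict means every listed digest matched. Only algorithms present in
    `expected` are checked, so a report that lists fewer hashes still verifies.
    """
    mismatches = {}
    for name, want in expected.items():
        got = computed.get(name)
        if got is None or got.lower() != want.lower():
            mismatches[name] = (want, got)
    return mismatches


if __name__ == "__main__":
    import sys

    for sample_path in sys.argv[1:]:
        bad = verify(digest_file(sample_path), REPORTED_HASHES)
        print(sample_path, "matches report" if not bad else f"MISMATCH: {bad}")
```

Run it as `python verify_sample.py <path-to-sample>`; anything other than "matches report" means you are not looking at the file this report analysed (a different build, a re-packed copy, or a truncated download).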

Malware Config

Targets

    • Target

      25c4ae65e08b895279d287fa70cd0a53_JaffaCakes118

    • Size

      634KB

    • MD5

      25c4ae65e08b895279d287fa70cd0a53

    • SHA1

      2e21ecd493dd724e18727cfe3a833033dcc8bb8e

    • SHA256

      c206f93178517a08a5058271ad32c50769b4e2acd289411017324b87eaa4b42a

    • SHA512

      2da6dc8fb00e80cbaef9952d424ffd0d5e354835ed6457e106db4ebab5a57a95b785a7c2e75d045c2e67e4201a32217ec7455b3667ac6e76f7a061331673712a

    • SSDEEP

      12288:L9pNG4GjeZHkwuPikQ7lKH5p5H9x1WeZHkwuHi/QrlKd5pnxlMlfA:LZG4GjeZEXi37l6Br1WeZEfiYrleffM2

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular regions.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and browsing history.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that Internet Explorer loads in-process as plugins, giving the DLL access to every page the browser renders.

    • Drops file in System32 directory
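
The two reconnaissance signatures above ("Checks computer location settings" and "Checks installed software on the system") both reduce to registry reads that a sandbox API trace records. The following is an added example, not part of the report or of the sandbox's own signature engine, that runs that logic over a handful of constructed API-trace records: a process is tagged for the location check when it reads `HKCU\Control Panel\International\Geo\Nation` (the key where Windows stores the configured GeoID), and for software enumeration when it touches at least five distinct subkeys under an `Uninstall` key. The threshold and the record format (`pid`, `image`, `op`, `path`) are assumptions made for this example; writes to `Uninstall` are ignored on purpose, because an installer registering its own uninstall entry is normal behaviour.

```python
import re
from collections import defaultdict

# Registry key holding the configured country (GeoID) for the current user.
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.IGNORECASE)

# Any subkey under the 32- or 64-bit Uninstall key; group 1 is the product subkey.
UNINSTALL_SUBKEY = re.compile(
    r"\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\([^\\]+)",
    re.IGNORECASE,
)

# Only read-type operations count as enumeration (assumed op names).
READ_OPS = {"RegOpenKey", "RegQueryValue", "RegEnumKey", "RegEnumValue"}

# Number of distinct Uninstall subkeys before we call it enumeration (assumption).
UNINSTALL_THRESHOLD = 5

UNINSTALL_ROOT = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
SETUP = r"C:\Users\user\AppData\Local\Temp\setup.exe"
MSIEXEC = r"C:\Windows\System32\msiexec.exe"

# Constructed API-trace records; none of these come from the report above.
SAMPLE_EVENTS = [
    {"pid": 4120, "image": SETUP, "op": "RegQueryValue",
     "path": r"HKCU\Control Panel\International\Geo\Nation"},
] + [
    {"pid": 4120, "image": SETUP, "op": "RegOpenKey", "path": UNINSTALL_ROOT + "\\" + name}
    for name in ("7-Zip", "Google Chrome", "Mozilla Firefox", "Notepad++",
                 "VLC media player", "{A1B2C3D4-0001-4000-8000-000000000001}")
] + [
    # A legitimate installer reads one entry (its own product) and writes its own key.
    {"pid": 5200, "image": MSIEXEC, "op": "RegQueryValue",
     "path": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"
             r"\{A1B2C3D4-0002-4000-8000-000000000002}\DisplayName"},
    {"pid": 5200, "image": MSIEXEC, "op": "RegSetValue",
     "path": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"
             r"\{A1B2C3D4-0002-4000-8000-000000000002}\UninstallString"},
]


def analyse(events):
    """Return {pid: {"image": ..., "signatures": [...]}} for every process that trips a signature."""
    geo_readers = set()
    uninstall_subkeys = defaultdict(set)
    images = {}

    for ev in events:
        pid = ev["pid"]
        images[pid] = ev["image"]
        if ev["op"] not in READ_OPS:
            continue  # writes never count as reconnaissance
        path = ev["path"]
        if GEO_KEY.search(path):
            geo_readers.add(pid)
        m = UNINSTALL_SUBKEY.search(path)
        if m:
            uninstall_subkeys[pid].add(m.group(1).lower())

    findings = {}
    for pid, image in images.items():
        sigs = []
        if pid in geo_readers:
            sigs.append("checks computer location settings")
        seen = len(uninstall_subkeys[pid])
        if seen >= UNINSTALL_THRESHOLD:
            sigs.append(f"checks installed software ({seen} Uninstall entries)")
        if sigs:
            findings[pid] = {"image": image, "signatures": sigs}
    return findings


if __name__ == "__main__":
    for pid, hit in analyse(SAMPLE_EVENTS).items():
        print(pid, hit["image"])
        for sig in hit["signatures"]:
            print("   -", sig)
```

Feeding real trace output into `analyse` is a matter of mapping the tool's column names onto `pid`, `image`, `op` and `path`; the threshold is the knob to tune, since a single Uninstall lookup is common in benign installers while a full walk of the key is not.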

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      559KB

    • MD5

      51ba1095f0ae45a2d444bea506cb9ad4

    • SHA1

      038a5d53d055a6d440bd2c8864c2f51db206c5e5

    • SHA256

      b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539

    • SHA512

      f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361

    • SSDEEP

      12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN

    Score
    3/10
    • Target

      ffMediaWatchV1home436chaction.js

    • Size

      829B

    • MD5

      2efcb6266b26c0e91ee098563780fce2

    • SHA1

      d3ed9cd02249e2342cbdf21993bc57f004a16b68

    • SHA256

      c06ee60f5ab04266308e2e6a3a1d175a5471cd84891c242179552f972fa98b66

    • SHA512

      7c752ca14752b1a79e1ec48dfdb9d307a66af304f5fee61da64a608391dfcd1f1533eec3359e96052c301fc69e40b2d39844005add3ff14cbb9c2f981d2b4866

    Score
    3/10
    • Target

      ff/chrome/content/ffMediaWatchV1home436.js

    • Size

      744B

    • MD5

      27fde83940f9af8e99c356c14a0ee027

    • SHA1

      dc34c1e3906ef72cebce0316d5670d9f0815cc9d

    • SHA256

      ab68128d519e56c5640e71f5ba3afe2377b76fd4fbe8863e9f4dc611db52e4b4

    • SHA512

      2fe7a242e121e0155dca9b89bcf62a6f24664d248714d9c2dfc65ddb5ee25e24dbced8a26972b17a72a9efdf3f4a41da323352fddbd58259645b083db93572b9

    Score
    3/10
    • Target

      ff/chrome/content/ffMediaWatchV1home436ffaction.js

    • Size

      674B

    • MD5

      ab0fd7cec74b63c055af7d07517b7e26

    • SHA1

      0cbbe54accdd0cffbb5c84fa90049bdae295fcaf

    • SHA256

      18057f53440bbf883cc1066a78768594d1bc7d296a4bf8922eb3fa585ce2b39e

    • SHA512

      2607fd2a7cce89df09a582c069e61ce17159ff023d20ba8d01348834fd33e1cb649db534139c5e0c75a8891e8f36950f42c0507951fdbc7e1cf3915892a73eac

    Score
    3/10
    • Target

      ie/MediaWatchV1home436.dll

    • Size

      85KB

    • MD5

      7ce83b41c6fef1c1c851123023a6321a

    • SHA1

      e92db6bd21240a01810b9a06189646933c6d649f

    • SHA256

      ec2e3324dbcc6d97a5c05309b24729a388137868a78e8b548e9cad430045d806

    • SHA512

      aaf23bc5ec71ea4c716bf8c7a3a96996051800673ada095b1617e81d176ed7ab3f36b41efd166cb07268a7706bff4c1030dc6cd314861e36b3cd06c7d5f48501

    • SSDEEP

      1536:sn/1CsEmkaMAPtahrOb8DktB8HA9glQGNr1LKhF:o12mkaMAFahrOB8guaGNlW

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that Internet Explorer loads in-process as plugins, giving the DLL access to every page the browser renders.
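
The "Installs/modifies Browser Helper Object" signature, raised for the primary target above and again here for `ie/MediaWatchV1home436.dll`, refers to a registration under `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CLSID}` (or the `WOW6432Node` equivalent), with the CLSID resolved through `HKCR\CLSID\{CLSID}\InprocServer32` to the DLL that IE will load. The following is an added example, not part of the report, that walks those keys on a live Windows host and, for offline use, runs the same assessment over a constructed registry snapshot. The CLSIDs, names and paths in the snapshot are made up for the example; the "user-writable directory" heuristic is an assumption about what is worth flagging, not a rule from the report.

```python
import re
import sys
from typing import Dict, List, Tuple

BHO_KEYS = (
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects",
    r"SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects",
)

# Directories an unprivileged user can write to; a BHO loaded from here is worth a look.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.IGNORECASE)

# Constructed snapshot standing in for the two registry hives (not real data).
SNAPSHOT_REGISTERED = [
    "{A1B2C3D4-0001-4000-8000-000000000001}",
    "{A1B2C3D4-0002-4000-8000-000000000002}",
    "{A1B2C3D4-0003-4000-8000-000000000003}",
]
SNAPSHOT_CLSIDS = {
    "{A1B2C3D4-0001-4000-8000-000000000001}": {
        "name": "Vendor Sign-in Helper",
        "InprocServer32": r"C:\Program Files\Common Files\Vendor\SignInHelper.dll",
    },
    "{A1B2C3D4-0002-4000-8000-000000000002}": {
        "name": "Media helper",
        "InprocServer32": r"C:\Users\user\AppData\Local\Temp\nsj1234.tmp\helper.dll",
    },
    # The third CLSID is registered as a BHO but has no class registration at all.
}


def assess_bhos(registered: List[str], clsid_table: Dict[str, dict]) -> List[dict]:
    """Resolve each registered BHO CLSID to its DLL and attach review flags."""
    results = []
    for clsid in registered:
        entry = clsid_table.get(clsid.upper(), {})
        dll = entry.get("InprocServer32")
        flags = []
        if dll is None:
            flags.append("no InprocServer32 for this CLSID (orphaned or hidden registration)")
        elif USER_WRITABLE.search(dll):
            flags.append("DLL lives in a user-writable directory")
        results.append({"clsid": clsid, "name": entry.get("name"), "dll": dll, "flags": flags})
    return results


def collect_from_registry() -> Tuple[List[str], Dict[str, dict]]:
    """Windows only: read the BHO list and CLSID table from the live registry."""
    import winreg  # available only on Windows builds of Python

    registered: List[str] = []
    for sub_key in BHO_KEYS:
        try:
            key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, sub_key)
        except OSError:
            continue  # key absent on this host (e.g. no WOW6432Node on 32-bit Windows)
        with key:
            index = 0
            while True:
                try:
                    registered.append(winreg.EnumKey(key, index))
                except OSError:
                    break  # no more subkeys
                index += 1

    table: Dict[str, dict] = {}
    for clsid in registered:
        entry: dict = {}
        try:
            entry["name"] = winreg.QueryValue(winreg.HKEY_CLASSES_ROOT, "CLSID\\" + clsid)
            entry["InprocServer32"] = winreg.QueryValue(
                winreg.HKEY_CLASSES_ROOT, "CLSID\\" + clsid + "\\InprocServer32")
        except OSError:
            pass  # missing class registration is itself reported by assess_bhos
        table[clsid.upper()] = entry
    return registered, table


if __name__ == "__main__":
    if sys.platform == "win32":
        registered, table = collect_from_registry()
    else:
        registered, table = SNAPSHOT_REGISTERED, SNAPSHOT_CLSIDS
    for hit in assess_bhos(registered, table):
        marker = "!!" if hit["flags"] else "  "
        print(marker, hit["clsid"], hit["name"], hit["dll"], "; ".join(hit["flags"]))
```

On a 64-bit host, 32-bit IE reads the `WOW6432Node` list, so both keys have to be walked; a BHO that resolves to a DLL under `%TEMP%` or `%APPDATA%`, as the second snapshot entry does, is the pattern an NSIS installer dropping its payload from `$PLUGINSDIR` would leave behind.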

    • Target

      uninstall.exe

    • Size

      285KB

    • MD5

      ce0c9927fd75ded7112843370bd6e87b

    • SHA1

      7b60db758c8722bb9a599a7726bbf1c8d9ac0651

    • SHA256

      2f63bcfaee8fd6f0da5d6ddd43911a861f1f32b63ca867769de6676ab58138de

    • SHA512

      81c5180c718478bb657c27e105ed55dbc036ae1f7993a8b90567642f3b95e7b449b5f14316e1ee34f5cd65e777e94e4ca5567423b107f85207792116cfafe79a

    • SSDEEP

      6144:Ee34MxrpeZH+zpyuuz6GZkDOJ/7OafSH5KmrWym09x1e:p3eZHkwuPikQ7lKH5p5H9x1e

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and browsing history.

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      559KB

    • MD5

      51ba1095f0ae45a2d444bea506cb9ad4

    • SHA1

      038a5d53d055a6d440bd2c8864c2f51db206c5e5

    • SHA256

      b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539

    • SHA512

      f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361

    • SSDEEP

      12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN

    Score
    3/10

MITRE ATT&CK Enterprise v15
