91359945ae33bd05c2d0673e93f3a8cd2320933332a28eb04fdaabe87f97fea4

Sharing

Copy URL

Twitter E-mail

General

Target

28f80f6493cefa70264896e397281be6_JaffaCakes118
Size

634KB
Sample

241009-cmmr9asfmj
MD5

28f80f6493cefa70264896e397281be6
SHA1

0334f70d483aecec9ff001ed1c4f63cf742e757c
SHA256

91359945ae33bd05c2d0673e93f3a8cd2320933332a28eb04fdaabe87f97fea4
SHA512

360d724427f224318b7845580bf05ad07630b5bc1020e6242b0555408d49c98fcbb709870255941e08c0935624eb2c91d0e684ef28bc514bcd41770953d6cc05
SSDEEP

12288:MNGBmpG4GjeZHkwuPikQ7lKH5p5H9x13eZHkwuLiDQTlKJ5p+xWlf8:MNG4GjeZEXi37l6Br13eZEjiMTlmWslk

Score

7^/10

Malware Config

Targets

- Target
  
  28f80f6493cefa70264896e397281be6_JaffaCakes118
- Size
  
  634KB
- MD5
  
  28f80f6493cefa70264896e397281be6
- SHA1
  
  0334f70d483aecec9ff001ed1c4f63cf742e757c
- SHA256
  
  91359945ae33bd05c2d0673e93f3a8cd2320933332a28eb04fdaabe87f97fea4
- SHA512
  
  360d724427f224318b7845580bf05ad07630b5bc1020e6242b0555408d49c98fcbb709870255941e08c0935624eb2c91d0e684ef28bc514bcd41770953d6cc05
- SSDEEP
  
  12288:MNGBmpG4GjeZHkwuPikQ7lKH5p5H9x13eZHkwuLiDQTlKJ5p+xWlf8:MNG4GjeZEXi37l6Br13eZEjiMTlmWslk
Score

7^/10

adware discovery spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/aminsis.dll
- Size
  
  559KB
- MD5
  
  51ba1095f0ae45a2d444bea506cb9ad4
- SHA1
  
  038a5d53d055a6d440bd2c8864c2f51db206c5e5
- SHA256
  
  b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539
- SHA512
  
  f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361
- SSDEEP
  
  12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  ffMediaWatchV1home3259chaction.js
- Size
  
  834B
- MD5
  
  a424232f4899f5ec0969097b3d5b4502
- SHA1
  
  ba32eb63c05671599a63cff086a8c0fca28cfaf6
- SHA256
  
  52b8b9caa3f931e05b241e00b2099d617b3471d637c2d8968c576fea32f73095
- SHA512
  
  c3d60f9896a05074e4ef2957c83e3b95282415cfc9839271941740c48f764fd460df23ef4741adb9d1f501bac126276fe930489814ff7d9fbf812e910136780d
Score

3^/10

execution
behavioral5 behavioral6
- Target
  
  ff/chrome/content/ffMediaWatchV1home3259.js
- Size
  
  747B
- MD5
  
  529105ee4d911803e5c71b3b92eb4958
- SHA1
  
  d03b6f71c8767b2d6b794358517a65df03ba6f22
- SHA256
  
  5b81d32c1e587ca3b54aa14672b09f7b1406e7f7f9085d01930d6c8ca231a236
- SHA512
  
  3cdf3cd12235d99271a92aa0ef7f3c6bc0e5737aa4c9609edbcf2506c1dfa01813599b5b074be8b582f0930cbbe4b701f91645721c1c9a017d7661c61c737060
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  ff/chrome/content/ffMediaWatchV1home3259ffaction.js
- Size
  
  678B
- MD5
  
  531efef376f4529a26c603ae5b3f51bb
- SHA1
  
  2d0700edc815f9731bc62a8853f85173920fab8e
- SHA256
  
  062363a72092cac79455e77285dfaac47b3fb04401adce7dcfbde91783190a39
- SHA512
  
  4d788210a90ce9a15f16ae8bd9ccec609d7d8caba46c9032f341203ab8eb8e3901bcccff1f4800aab4077ea17dd9fcb3308fc106083583c0d5674b5c28330cde
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  ie/MediaWatchV1home3259.dll
- Size
  
  85KB
- MD5
  
  0ccbd466a8d1c8e1b0a97e5179912948
- SHA1
  
  aadf3f723df6aa932ff4b5fc9b60986782b08400
- SHA256
  
  ee5517a57df80d2c601bbcb6d73d044fed81736f536a907e738f5f25db1a2638
- SHA512
  
  9c3f5a6a5729a511b377a85e9c2c5437b32b291408c63d37a1c03690f69b772b0e938c6376f2cf73349d1e21008dd846868fc99e92fbf04b3a2593dfcb406fac
- SSDEEP
  
  1536:X8/1CsEmka04RhRtahrOb8DkhsnHA9glQCt55:Q12mka0ElahrOInguaCt5
Score

6^/10

adware discovery stealer
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral11 behavioral12
- Target
  
  uninstall.exe
- Size
  
  285KB
- MD5
  
  d01b7c3c658f2b4e3c835ae619799302
- SHA1
  
  90113ed9c86981fe55129f481d1855262f690888
- SHA256
  
  6ec741735df5c5cfa6e5478b533e88ad4e734266134db68afd39b189018fde57
- SHA512
  
  b15d079107af7538e451e01017603d766cbbf262ddaef63baf9e00029a6ea74c3ce3411457bd7081a9fbaf0326d778e6d03b671eff0b0bdbb6deb76d70ce5e42
- SSDEEP
  
  6144:Ee34bIpeZH+zpyuuz6GZkDOJ/7OafSH5KmrWym09x1Q:60eZHkwuPikQ7lKH5p5H9x1Q
Score

7^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/aminsis.dll
- Size
  
  559KB
- MD5
  
  51ba1095f0ae45a2d444bea506cb9ad4
- SHA1
  
  038a5d53d055a6d440bd2c8864c2f51db206c5e5
- SHA256
  
  b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539
- SHA512
  
  f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361
- SSDEEP
  
  12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN
Score

3^/10

discovery
behavioral15 behavioral16