General

  • Target

    2c57535591f103325aadac8afa22cb17_JaffaCakes118

  • Size

    689KB

  • Sample

    241009-g2n13sxerr

  • MD5

    2c57535591f103325aadac8afa22cb17

  • SHA1

    11a233f84ba1927bbb3e685766f32214eefbc05c

  • SHA256

    c153e9a1f22de4650bb05b4c7deb5474e1e8f7bd77526458d1b803835f487524

  • SHA512

    372752964544cc611c3829d7c86a3cf083038afa8e4bafbd2c0731e6ddb7312bf518f92be5fff70236a14ec24ca4dcba729dfa05d387c2941b2ce9a4237b5ed0

  • SSDEEP

    12288:QDzCrCA3CG4G4Y7jeKuVnvon+N83LwwiAn6KkM33nxDTjeKuVwv1p+N8qLwwiRn1:QDaCASG4G37tUnvone83Z76bMHxPtUwP

Malware Config

Targets

    • Target

      2c57535591f103325aadac8afa22cb17_JaffaCakes118

    • Size

      689KB

    • MD5

      2c57535591f103325aadac8afa22cb17

    • SHA1

      11a233f84ba1927bbb3e685766f32214eefbc05c

    • SHA256

      c153e9a1f22de4650bb05b4c7deb5474e1e8f7bd77526458d1b803835f487524

    • SHA512

      372752964544cc611c3829d7c86a3cf083038afa8e4bafbd2c0731e6ddb7312bf518f92be5fff70236a14ec24ca4dcba729dfa05d387c2941b2ce9a4237b5ed0

    • SSDEEP

      12288:QDzCrCA3CG4G4Y7jeKuVnvon+N83LwwiAn6KkM33nxDTjeKuVwv1p+N8qLwwiRn1:QDaCASG4G37tUnvone83Z76bMHxPtUwP

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and similar items.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      f346047b13f37f79c462e59a6319faa1

    • SHA1

      ce9e7cb9719000a69b463fe024c81229e322279f

    • SHA256

      e78e0e61707cabec8383f1e74da9db8e0fa123a3a7b36f0080d70fbaed6f7453

    • SHA512

      429209cc489ba9ac2d62055b128efb3cded3e31f966c7cdb1aee592ec7a54ab090526705fa2519498d92eb4bc2efa141cd83adc6c251b793388ad1208b172167

    • SSDEEP

      12288:w/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9G/uf:vGnSkWh4G1ppgH81vrBu3MHOGUKfG/

    Score
    3/10
    • Target

      ffTrustMediaViewerV1alpha4861chaction.js

    • Size

      869B

    • MD5

      6fc7e92d684986dd925622b24b32c937

    • SHA1

      1e06b335ea8d219b8ce0e25533314defebb0f908

    • SHA256

      de28527b9f801368aae8d164cbf8a301c5abefaf9393127ef1e3428f2ca3830c

    • SHA512

      9f29f907c2dca8e3d40a42ba79d4f3ddbe365eea16848bebf2577e7b8e32c0fb165cb699cf36506c27e6868a1e4234e689f4bd989511b6e1259e0166d9a1a51e

    Score
    3/10
    • Target

      ff/chrome/content/ffTrustMediaViewerV1alpha4861.js

    • Size

      768B

    • MD5

      3e423448f1d1f79cb5e9c9fe355bb87d

    • SHA1

      55b5eb1f992c7cbdc97407ac2b07e8a4c7a1d323

    • SHA256

      e8d25269749fec1f326640f477e02b532087959f4ae3171c3ea9bb4b81c6517d

    • SHA512

      bde438432aa7c0460358a75f4269541064b992118b0aa70e955ac7f69f839c16dfa07a1a50c70f867dd0a4ea29d40f63b035afcefb1e93d5f4716371098aaa02

    Score
    3/10
    • Target

      ff/chrome/content/ffTrustMediaViewerV1alpha4861ffaction.js

    • Size

      706B

    • MD5

      67ab626123ff0ae08fabd1bda4fb16f8

    • SHA1

      8a6bf656987ad4ea6ee2233a86093406a8084f43

    • SHA256

      482c1cd7d138fcb9b40b3dafdee02fa41526c786cfc0dbfdd818bce3e550c006

    • SHA512

      90a6092c1bded20be6d8fd178904e1a41c5c5330c5b47efb708f789cda3d7d0c9172fc2f67d687cc9fd31ad61053ca1d49609cd99ba343f9ee663f4cb9d83bf7

    Score
    3/10
    • Target

      ie/TrustMediaViewerV1alpha4861.dll

    • Size

      85KB

    • MD5

      320747ba548eb45833a0a41c90c55971

    • SHA1

      fd006cbcf84d524ead469e5c02b07fbce6d47c06

    • SHA256

      0a90892c8eac9f3a1d55880b1d178c39c3e40eb70690e546d5081de0edc8439d

    • SHA512

      5e8089ab333ed9488fdb6c4a0e76b0c3b87212456c03088861b9da35ba4a43df2aef1f3a41ebdffce9c3f243160883df5d2dcb626eadcee0072d7527c18d3c6b

    • SSDEEP

      1536:ppMGCsQis4EnvtKx+kNp8Dk3Q518DOslQvFQ6lx:IGais4EnlKx+kN3Q5uDravFQ6

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target

      ie/TrustMediaViewerV1alpha4861x64.dll

    • Size

      100KB

    • MD5

      941ca7cc5506351ee71ec91056e4e2a3

    • SHA1

      ab01f128df7ddcc10a702f4b84f8871d5d7b8940

    • SHA256

      66de5de8db044cbe9c672a1fdb1eefe8124fbd9f73b7fad2f12026b2c2f58174

    • SHA512

      5ebce186c3f0433f43225a271e76ea8218749bbf34acb6f687d72a37f85a4d4b9035626d1d0dfdaddd8098c05bf26efe74807c75247d232e4ca3cf79c2c20960

    • SSDEEP

      3072:WBjSnTZq1GSRzBHsQnTfGNAj7DSCPzQBTedF9s6:WNSnTZq1GAlHdTONAj+yvs

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target

      uninstall.exe

    • Size

      295KB

    • MD5

      85b4ba2eff448057128ba561bb6d805c

    • SHA1

      c2a88dd906fd8a0915dffd45ca9712cb51f61bd9

    • SHA256

      01243cbaf3d9f4817bbf8b75f44d320130068ff4cb7f9e7f554a13fea3189a8f

    • SHA512

      d0f352888b871ecb2e1d0d6b12977578f1970a6d7802d483902b0bfe030ea8b8db89dba768c1886121edc6920af1c2d59ca4ffbe7b04fd57fa9c1f80af007f6c

    • SSDEEP

      6144:Ee34vfjKTK0HVkUEYA2q5NbrWN83gQwwDuzMn6yDkvE39kojTxDtEC:GfjeKuVnvon+N83LwwiAn6KkM33nxDf

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and similar items.

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      f346047b13f37f79c462e59a6319faa1

    • SHA1

      ce9e7cb9719000a69b463fe024c81229e322279f

    • SHA256

      e78e0e61707cabec8383f1e74da9db8e0fa123a3a7b36f0080d70fbaed6f7453

    • SHA512

      429209cc489ba9ac2d62055b128efb3cded3e31f966c7cdb1aee592ec7a54ab090526705fa2519498d92eb4bc2efa141cd83adc6c251b793388ad1208b172167

    • SSDEEP

      12288:w/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9G/uf:vGnSkWh4G1ppgH81vrBu3MHOGUKfG/

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

adware, discovery, persistence, privilege_escalation, spyware, stealer
Score
7/10

behavioral2

adware, discovery, persistence, privilege_escalation, spyware, stealer
Score
7/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

execution
Score
3/10

behavioral8

execution
Score
3/10

behavioral9

execution
Score
3/10

behavioral10

execution
Score
3/10

behavioral11

execution
Score
3/10

behavioral12

execution
Score
3/10

behavioral13

adware, discovery, stealer
Score
6/10

behavioral14

adware, discovery, stealer
Score
6/10

behavioral15

adware, persistence, privilege_escalation, stealer
Score
7/10

behavioral16

adware, persistence, privilege_escalation, stealer
Score
7/10

behavioral17

discovery, spyware, stealer
Score
7/10

behavioral18

discovery, spyware, stealer
Score
7/10

behavioral19

discovery
Score
3/10

behavioral20

discovery
Score
3/10

behavioral21

discovery
Score
3/10

behavioral22

discovery
Score
3/10