c80a9a0d97bb88ff216fd581088178e0308c47b6bfb34d2ad56cd07d692154f8

Sharing

Copy URL

Twitter E-mail

General

Target

2e6ab48a03737af3bc6ddfcb742c54c5_JaffaCakes118
Size

634KB
Sample

241009-k2vqeawgpe
MD5

2e6ab48a03737af3bc6ddfcb742c54c5
SHA1

a663165e47a7e55a09992690e536e3c916a356a6
SHA256

c80a9a0d97bb88ff216fd581088178e0308c47b6bfb34d2ad56cd07d692154f8
SHA512

82ca50038707b84aed7f3cb741203b226b05c22cb25447e21452a01282d27c6f694756343a6eeb61cddcae1216b3847e0eae64d0fff111a2e932a9ddf086ba0b
SSDEEP

12288:/XGahvvM2opFG4GjeZHkwuPikQ7lKH5p5H9x1qeZHkwuriZQZlKh5pQxlMjVW+:/7U7pFG4GjeZEXi37l6Br1qeZEjiOZlW

Score

7^/10

Malware Config

Targets

- Target
  
  2e6ab48a03737af3bc6ddfcb742c54c5_JaffaCakes118
- Size
  
  634KB
- MD5
  
  2e6ab48a03737af3bc6ddfcb742c54c5
- SHA1
  
  a663165e47a7e55a09992690e536e3c916a356a6
- SHA256
  
  c80a9a0d97bb88ff216fd581088178e0308c47b6bfb34d2ad56cd07d692154f8
- SHA512
  
  82ca50038707b84aed7f3cb741203b226b05c22cb25447e21452a01282d27c6f694756343a6eeb61cddcae1216b3847e0eae64d0fff111a2e932a9ddf086ba0b
- SSDEEP
  
  12288:/XGahvvM2opFG4GjeZHkwuPikQ7lKH5p5H9x1qeZHkwuriZQZlKh5pQxlMjVW+:/7U7pFG4GjeZEXi37l6Br1qeZEjiOZlW
Score

7^/10

adware discovery spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/aminsis.dll
- Size
  
  559KB
- MD5
  
  51ba1095f0ae45a2d444bea506cb9ad4
- SHA1
  
  038a5d53d055a6d440bd2c8864c2f51db206c5e5
- SHA256
  
  b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539
- SHA512
  
  f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361
- SSDEEP
  
  12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  ffMediaWatchV1home207chaction.js
- Size
  
  829B
- MD5
  
  23b1147b99d3956768eb967c55d11241
- SHA1
  
  3e061c130e089ba767d93ca83da1d261fc8f893b
- SHA256
  
  b003c42c4847467bf13b36a946484e3ebdd59507af330e4508879d33ceb0180e
- SHA512
  
  57e9d1c80c7a9713594ca2b3766952f8a31bab503fc559f69db47c56da4adb46b537ed3efc2c54f6602f993b49f34ec7356f0ae99a827eaf7c2504175fa4ec59
Score

3^/10

execution
behavioral5 behavioral6
- Target
  
  ff/chrome/content/ffMediaWatchV1home207.js
- Size
  
  744B
- MD5
  
  e9e23c5505a4dcd44fd017cd78cbe743
- SHA1
  
  d8d37468fb0b6cbd610a596a0b66918b7abaed28
- SHA256
  
  15d0bd1b64ca2d48a27a5ba7037962121aa5f3b5ae7f924cb3aebad9c57d776e
- SHA512
  
  01ee5591e22bc3e616f459b72d3b75dc137b60e554877c3d21e15559a775e1b0bbf1b9ce8c9a63e594b9bc310eadf705b4995238055e0f62c621198ad0ae74a2
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  ff/chrome/content/ffMediaWatchV1home207ffaction.js
- Size
  
  674B
- MD5
  
  149145324df30042a76f1e0482d67a09
- SHA1
  
  223864d6e4bc8f76f0f6bfb68764ffe88f19710f
- SHA256
  
  36b6e10216563a9651e3e32708e61a18cb06b48a8eaf99eb1e16264f033c84eb
- SHA512
  
  957b5f84eb295ef3e2c3810ccfeb2a74fa443ddc37342d6d8d4f778e2b51197fc46fa4d80a030d6af99e53cef265f52097e9197a6a0b7a28b1167d2e41f838f5
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  ie/MediaWatchV1home207.dll
- Size
  
  85KB
- MD5
  
  e8cebab9806ee5138a334e477a1ea75f
- SHA1
  
  045587e5efc90fd54aca9a181b3a15c8cf024897
- SHA256
  
  8ca3a6516ef1c491e5889430c3d9dd5d62cc91fc1199d3b0dc249c69b40c9091
- SHA512
  
  ec0c4dc1f3347c82b995b73b70a4eadca663bde9f8aa8bfc3644e8008646229fe541fba7b71f1bbb8feb4b6103c809cf4fe23bd101de37a95eea3d380bc58680
- SSDEEP
  
  1536:gn/1CsEmkaMAvtahrOb8DkthSHA9glQmZfVV:U12mkaMAlahrOhSguamZt
Score

6^/10

adware discovery stealer
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral11 behavioral12
- Target
  
  uninstall.exe
- Size
  
  285KB
- MD5
  
  1c20354e23d312f2ed746f2b5c827b0a
- SHA1
  
  6a1655437aa91abfa984af0e5d450bb541a8c5ff
- SHA256
  
  694f87e734d67eb69236c1eaa1d018ec8f84a65e6376689c799cfed29c4aae14
- SHA512
  
  e4bc29bf09e7e4eeb80666e2425bb291ae11de6b9600a4b4bd14dc84ba2863e8abe6419bf8e60e71d68017589514a906a6d028f0abef1b179ef2664b56d77bbb
- SSDEEP
  
  6144:Ee34Aj4peZH+zpyuuz6GZkDOJ/7OafSH5KmrWym09x1w:VYeZHkwuPikQ7lKH5p5H9x1w
Score

7^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/aminsis.dll
- Size
  
  559KB
- MD5
  
  51ba1095f0ae45a2d444bea506cb9ad4
- SHA1
  
  038a5d53d055a6d440bd2c8864c2f51db206c5e5
- SHA256
  
  b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539
- SHA512
  
  f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361
- SSDEEP
  
  12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN
Score

3^/10

discovery
behavioral15 behavioral16