General

  • Target

    2f46df8c55d6057e0583364cc726115a_JaffaCakes118

  • Size

    689KB

  • Sample

    241009-l88fhssfnh

  • MD5

    2f46df8c55d6057e0583364cc726115a

  • SHA1

    c505826630b11968197c5e721740157df205d4a2

  • SHA256

    54cb5a9f13bc6ea1c40147ff7bdec544b458799cd0fcde52b456d285e9636761

  • SHA512

    29e189080efb5627fe02d5aa9a22d0c3c60438a1d2c5affc5e39c3fdb95fc012b4f73071be69dd9e448eb00f3d582946b138f7cdc51e5eae4458171934281ece

  • SSDEEP

    12288:S2UPBG4G4Y7jeKuVnvon+N83LwwiAn6KkM33nxDwjeKuVGv/9+N8OLwwi9n6Kkd4:SxpG4G37tUnvone83Z76bMHxstUGv/9Z

Malware Config

Targets

    • Target

      2f46df8c55d6057e0583364cc726115a_JaffaCakes118

    • Size

      689KB

    • MD5

      2f46df8c55d6057e0583364cc726115a

    • SHA1

      c505826630b11968197c5e721740157df205d4a2

    • SHA256

      54cb5a9f13bc6ea1c40147ff7bdec544b458799cd0fcde52b456d285e9636761

    • SHA512

      29e189080efb5627fe02d5aa9a22d0c3c60438a1d2c5affc5e39c3fdb95fc012b4f73071be69dd9e448eb00f3d582946b138f7cdc51e5eae4458171934281ece

    • SSDEEP

      12288:S2UPBG4G4Y7jeKuVnvon+N83LwwiAn6KkM33nxDwjeKuVGv/9+N8OLwwi9n6Kkd4:SxpG4G37tUnvone83Z76bMHxstUGv/9Z

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      f346047b13f37f79c462e59a6319faa1

    • SHA1

      ce9e7cb9719000a69b463fe024c81229e322279f

    • SHA256

      e78e0e61707cabec8383f1e74da9db8e0fa123a3a7b36f0080d70fbaed6f7453

    • SHA512

      429209cc489ba9ac2d62055b128efb3cded3e31f966c7cdb1aee592ec7a54ab090526705fa2519498d92eb4bc2efa141cd83adc6c251b793388ad1208b172167

    • SSDEEP

      12288:w/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9G/uf:vGnSkWh4G1ppgH81vrBu3MHOGUKfG/

    Score
    3/10
    • Target

      ffTrustMediaViewerV1alpha6623chaction.js

    • Size

      869B

    • MD5

      125e18b236bcd0c66844a22537277ef8

    • SHA1

      05e3b3723edd3eccc42451c978999553bff48e27

    • SHA256

      4fa5f92c02692b5fe0f290ef0605bd67c7a952b7a6ce29f83bc0c2409743f513

    • SHA512

      a6bd9191aeceec41587bc97b547d32b1477312d1bed70f972e6efec40c6540f2cfe3d46f36db657ee37dfc9688ed3d2da5487c9c625cb8af295bb235e0ad2fa1

    Score
    3/10
    • Target

      ff/chrome/content/ffTrustMediaViewerV1alpha6623.js

    • Size

      768B

    • MD5

      9b985e3f96fd928dcce6e59ac1d4dc2d

    • SHA1

      21ccf51a7741eb322eded6ec66037dedcfc5a7ba

    • SHA256

      06ceeb37ed62def36d82fbd593d05cd6c0c7fc659381f1ee82100872fb7d65d3

    • SHA512

      98a52a05db7d909d2f3ae2b5850d7a6f9a2b37de826d0843d12c981b4a2609562e30eea5f028e718b0bb78b20c5b73abfcb9ad646c2cd09722873a7407bfc52b

    Score
    3/10
    • Target

      ff/chrome/content/ffTrustMediaViewerV1alpha6623ffaction.js

    • Size

      706B

    • MD5

      05e12058d37a854e9d79fca4f6a727f6

    • SHA1

      96b6a717cc8a45cf141891107b4e5196e55e141f

    • SHA256

      a3ae78c99a4c3079c0374b852003e20ad3cfd855efd6a6c92fc66bd4a3404391

    • SHA512

      d7b5a4c38b300ac081808cff46f959f57a4cfcdb9ac9678cb80f89190940e1a89bc7a75efa16793a8b768e447b50cafdb493f8aeed52d72ab25856319d04e8ce

    Score
    3/10
    • Target

      ie/TrustMediaViewerV1alpha6623.dll

    • Size

      85KB

    • MD5

      9a8314b2f504eba56156791b80a15bc6

    • SHA1

      fc0944d46d98c563b0b0d499a27f65b6a7f85692

    • SHA256

      d08a3bbb46147d83ac1ae56659ef3f514dedf3534f9177731f4fc0d6149fa507

    • SHA512

      e5e3abdbaa34d420c10dc72a7855466a34517f3a401fbe00bc09fad420b98673f35d1cbee7a44a4d6259b658d32019b479dd586ccfdf8c49b225193472f66d65

    • SSDEEP

      1536:MpMGCsQis4EnvtKx+kNp8DkwD518DOslQ2B68Vx:JGais4EnlKx+kNwD5uDra2B68

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target

      ie/TrustMediaViewerV1alpha6623x64.dll

    • Size

      100KB

    • MD5

      6b0e1495a588112af944d6f290b8e6d9

    • SHA1

      3f5004b9f52063c204c9a927671c92ffb5e0a2dc

    • SHA256

      d4f8a725101eeb4fe70ece2b8090a90cd080c9f200b669d0ebb2d752596cebfc

    • SHA512

      47449a4df68937dd8dabf8ee1ce55767ae97b37df7d0d1394af1d556d6a41f705a6b9c3b358d4d313bf48f0ff0c76c2d84b303244be366eec26c3e1a92b87142

    • SSDEEP

      3072:7BjCnTZPzGSRzBHsQnTfGNAj23SWfzQBTq1F9q8:7NCnTZPzGAlHdTONAjfevq

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target

      uninstall.exe

    • Size

      295KB

    • MD5

      02eebe2f5387f243ef2420958cd0a052

    • SHA1

      9b6e3294d0833eea323b9158237f795a61875b8b

    • SHA256

      ffb9393cfe6fe38c388d71fc346df43c97fba1250aa7bde7ac57a8b759165fd1

    • SHA512

      e9ca1d58c4296ec0e58a45c6b08ddbd936b48951cb268f630693a46fb52f744411f9edc29f48ab333f6ddbfdd4e9710fca887e475fdf3ce36809c13407ad31f4

    • SSDEEP

      6144:Ee34hljKTK0HVkUEYA2q5NbrWN83gQwwDuzMn6yDkvE39kojTxDtEq:EljeKuVnvon+N83LwwiAn6KkM33nxDj

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      f346047b13f37f79c462e59a6319faa1

    • SHA1

      ce9e7cb9719000a69b463fe024c81229e322279f

    • SHA256

      e78e0e61707cabec8383f1e74da9db8e0fa123a3a7b36f0080d70fbaed6f7453

    • SHA512

      429209cc489ba9ac2d62055b128efb3cded3e31f966c7cdb1aee592ec7a54ab090526705fa2519498d92eb4bc2efa141cd83adc6c251b793388ad1208b172167

    • SSDEEP

      12288:w/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9G/uf:vGnSkWh4G1ppgH81vrBu3MHOGUKfG/

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

adware, discovery, persistence, privilege_escalation, spyware, stealer
Score
7/10

behavioral2

adware, discovery, persistence, privilege_escalation, spyware, stealer
Score
7/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

execution
Score
3/10

behavioral8

execution
Score
3/10

behavioral9

execution
Score
3/10

behavioral10

execution
Score
3/10

behavioral11

execution
Score
3/10

behavioral12

execution
Score
3/10

behavioral13

adware, discovery, stealer
Score
6/10

behavioral14

adware, discovery, stealer
Score
6/10

behavioral15

adware, persistence, privilege_escalation, stealer
Score
7/10

behavioral16

adware, persistence, privilege_escalation, stealer
Score
7/10

behavioral17

discovery, spyware, stealer
Score
7/10

behavioral18

discovery, spyware, stealer
Score
7/10

behavioral19

discovery
Score
3/10

behavioral20

discovery
Score
3/10

behavioral21

discovery
Score
3/10

behavioral22

discovery
Score
3/10