3c5654cbf41ed6b876b7d36359c38237e9ca70a20b557a1983c96816cb249818

Sharing

Copy URL Twitter E-mail

General

Target

2fbda1f04e07f617469fc01f98874b4b_JaffaCakes118
Size

634KB
Sample

241009-mt4z8awdje
MD5

2fbda1f04e07f617469fc01f98874b4b
SHA1

d915eb6d9b4358851f2c9da0b495cf0b932ff97e
SHA256

3c5654cbf41ed6b876b7d36359c38237e9ca70a20b557a1983c96816cb249818
SHA512

3ae68eb66e345f2a4c91a6aa3b95e40fc8332aa8bcd2e3e346cca0a1763fc5ff0a2b415121f84267a4d7203e5a858fabc63043498eba2ac8621009908b31af6f
SSDEEP

12288:w3O0G4GjeZHkwuPikQ7lKH5p5H9x1nQeZHkwuriZQZlKh5pQxlMjVWj:wZG4GjeZEXi37l6Br1nQeZEjiOZlWoft

Score

7^/10

Malware Config

Targets

- Target
  
  2fbda1f04e07f617469fc01f98874b4b_JaffaCakes118
- Size
  
  634KB
- MD5
  
  2fbda1f04e07f617469fc01f98874b4b
- SHA1
  
  d915eb6d9b4358851f2c9da0b495cf0b932ff97e
- SHA256
  
  3c5654cbf41ed6b876b7d36359c38237e9ca70a20b557a1983c96816cb249818
- SHA512
  
  3ae68eb66e345f2a4c91a6aa3b95e40fc8332aa8bcd2e3e346cca0a1763fc5ff0a2b415121f84267a4d7203e5a858fabc63043498eba2ac8621009908b31af6f
- SSDEEP
  
  12288:w3O0G4GjeZHkwuPikQ7lKH5p5H9x1nQeZHkwuriZQZlKh5pQxlMjVWj:wZG4GjeZEXi37l6Br1nQeZEjiOZlWoft
Score

7^/10

adware discovery spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/aminsis.dll
- Size
  
  559KB
- MD5
  
  51ba1095f0ae45a2d444bea506cb9ad4
- SHA1
  
  038a5d53d055a6d440bd2c8864c2f51db206c5e5
- SHA256
  
  b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539
- SHA512
  
  f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361
- SSDEEP
  
  12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  ffMediaWatchV1home253chaction.js
- Size
  
  829B
- MD5
  
  4f6e821a7dbe6712fd19679e75c877ae
- SHA1
  
  6b248f29a99e113c431c253d13bfc0676a9e9562
- SHA256
  
  813340b936631b4bb01623dcc361bb651704cac16d3f558a33c2c8412ba5ee03
- SHA512
  
  fa50ad924caa5470aa6357a8eb0dcf80061762462a0553f9e2e91b94301bda2c5078dad762349f7dbbd536180735fad28031a864ac94a75b2938dfe10734c6c4
Score

3^/10

execution
behavioral5 behavioral6
- Target
  
  ff/chrome/content/ffMediaWatchV1home253.js
- Size
  
  744B
- MD5
  
  a0305090b5daa547d0cdda22a8bc0aef
- SHA1
  
  f9cdd6674f324250e4a0cb844e5ff8ef90624e12
- SHA256
  
  461a1c5c6dcfe86760152e9db2de508d304e65d513a4b7e168ccd7af06907660
- SHA512
  
  758431bb99d6a9a0155a377a983f1f8eb3ca7190af126e1bcb0d2893e9600c33c38ef84536da64644aa8b2554c3b305791f6c507ca3bac0f115596261c12a175
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  ff/chrome/content/ffMediaWatchV1home253ffaction.js
- Size
  
  674B
- MD5
  
  a978a7eb37e204f612d83d4ab17a9c73
- SHA1
  
  ebcbb714a1702574c62ce3c587da5c42c6b068bf
- SHA256
  
  90eb7041475ae356c16721a4f7e0a89112ad9af37ae532dc42214ab51e624c11
- SHA512
  
  d0649bfe52fbd77547e8625a71c6e500c5f80e651549474db1e7f12b9088707ff0945af9d6136fa52f0cab16279d7c24f3288bf54b0bf1552a9e6683dfee299b
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  ie/MediaWatchV1home253.dll
- Size
  
  85KB
- MD5
  
  061dd84aea6a5df0cc940d2c4da3a409
- SHA1
  
  d7c1d15cd17b84793f9a8d31b7def924e3d510a3
- SHA256
  
  39522773bfdfc8d7dfb6c886e72ded4f07a5473a1f4aa4231a9592aa4c9ab759
- SHA512
  
  0e713714f1558d5b52c33d55d7400cf851fa07b5c842cd26f3fc3750c036c80031e62b8ce1c617160f299139d2a835e6c260cb6b2bb6770ddc16c7ae381de400
- SSDEEP
  
  1536:Un/1CsEmkaMAPtahrOb8Dkt8yHA9glQC/Myd:w12mkaMAFahrO8yguaC/T
Score

6^/10

adware discovery stealer
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral11 behavioral12
- Target
  
  uninstall.exe
- Size
  
  285KB
- MD5
  
  7e88b0dde2bd85e51448a2a13e73fbb8
- SHA1
  
  773421bb849cf394e97f26756c5b7b302993798b
- SHA256
  
  43027200a6d66600a50cf8485648976ae971dd4ce1a00054b2957ee69806bf08
- SHA512
  
  a0473160f017846f82f8a8e9cedea2bdc8bae895e6ae66926b1e3fa2ff67721429c432b50e75bd16b082da4dcd7ae694907604ca4a6081e6e48287e79bf1f171
- SSDEEP
  
  6144:Ee34PPMpeZH+zpyuuz6GZkDOJ/7OafSH5KmrWym09x1N:2PQeZHkwuPikQ7lKH5p5H9x1N
Score

7^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/aminsis.dll
- Size
  
  559KB
- MD5
  
  51ba1095f0ae45a2d444bea506cb9ad4
- SHA1
  
  038a5d53d055a6d440bd2c8864c2f51db206c5e5
- SHA256
  
  b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539
- SHA512
  
  f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361
- SSDEEP
  
  12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN
Score

3^/10

discovery
behavioral15 behavioral16