1d213cc6b4a99636faf249f29443673b037fa244d2e095d3874e7a87896e324c

Sharing

Copy URL

Twitter E-mail

General

Target

36eea6b870712af8f22c2c7ffc0ec711_JaffaCakes118
Size

657KB
Sample

241011-1h1qbazekl
MD5

36eea6b870712af8f22c2c7ffc0ec711
SHA1

8c9c6a22211b88df8df5d3444b2d9d6386f9f933
SHA256

1d213cc6b4a99636faf249f29443673b037fa244d2e095d3874e7a87896e324c
SHA512

916555bef38f12295b48323f1b67fcbebd51ad3a64f4442eb763c86c5ac95792f2dbb302722fd20705027084bcafb2d88a6742b6aced85ebb66b10d0f1763a90
SSDEEP

12288:47HuPwwOiG4GQTq4OaQQTYJ8eP4/L5uO7D3f5B0q4ma/QTkJ8ePJ/R5uO7nU26la:4b0w5iG4GQm4OaHYJ8eP4D5uOHBBp4mY

Score

7^/10

Malware Config

Targets

- Target
  
  36eea6b870712af8f22c2c7ffc0ec711_JaffaCakes118
- Size
  
  657KB
- MD5
  
  36eea6b870712af8f22c2c7ffc0ec711
- SHA1
  
  8c9c6a22211b88df8df5d3444b2d9d6386f9f933
- SHA256
  
  1d213cc6b4a99636faf249f29443673b037fa244d2e095d3874e7a87896e324c
- SHA512
  
  916555bef38f12295b48323f1b67fcbebd51ad3a64f4442eb763c86c5ac95792f2dbb302722fd20705027084bcafb2d88a6742b6aced85ebb66b10d0f1763a90
- SSDEEP
  
  12288:47HuPwwOiG4GQTq4OaQQTYJ8eP4/L5uO7D3f5B0q4ma/QTkJ8ePJ/R5uO7nU26la:4b0w5iG4GQm4OaHYJ8eP4D5uOHBBp4mY
Score

7^/10

adware discovery spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/aminsis.dll
- Size
  
  567KB
- MD5
  
  450753ad96785a240a39deccab3af0d0
- SHA1
  
  21c544064d2ffa6444508268ce258a330d459fc5
- SHA256
  
  1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3
- SHA512
  
  c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab
- SSDEEP
  
  12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  ffRichMediaViewV1release6356chaction.js
- Size
  
  864B
- MD5
  
  d330737ec527ecfe97c39df30ec31ad0
- SHA1
  
  2b2f565cd93aa9932bec12a42009b307eab3256b
- SHA256
  
  cd7ec58afa4b0ea616c3a25230fc2fa1d440011ce246345a8eb4c92b5fa54635
- SHA512
  
  72ff1e9e4f82abb0f4a849d03a799b609f7c801241864516abbe2aca480782f89194d5ff715f53a625b69ec694b8cc45aa99483fa26df2ee5749d1b8c15cc97c
Score

3^/10

execution
behavioral5 behavioral6
- Target
  
  ff/chrome/content/ffRichMediaViewV1release6356.js
- Size
  
  765B
- MD5
  
  40f042a47c3dba70c468beea7d9a1bc2
- SHA1
  
  5d4a69c2d4f2ae6c0184ee240c73bfefd0332537
- SHA256
  
  97a85e3c91a41c11ad99f488665c930cf4ac6c4709e0f30d86fbf57b577acbdd
- SHA512
  
  ae8f5f05a40ff3db8dc80674368bc3dfd150e6048b7396c8f0b8c17c048240d7492d84730127f680435e9227a75482246d3c32562b8920aaa1c1cd8a9e5e4617
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  ff/chrome/content/ffRichMediaViewV1release6356ffaction.js
- Size
  
  702B
- MD5
  
  a498f7e9db653877550ab32faffa72fe
- SHA1
  
  0fecd7a3599396d366784530d11c75187df55570
- SHA256
  
  98a742cb66fd33865b8608f3f60105e6fa6b464fedc31690f467e5fcd6efb48b
- SHA512
  
  9d9158549db39fb271cc3dcf81a5c1cc592089888053592d299f4c1c840e0694d0753eb476df09b9d10b9a3868a5013ff3aa3276fed499a328076694da465916
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  ie/RichMediaViewV1release6356.dll
- Size
  
  85KB
- MD5
  
  8e68c9c75c5c63b09bdcdfb0b94e51ef
- SHA1
  
  7f779361833d598a4df4f4a8b462cc740962f99a
- SHA256
  
  88ac7f764b4535e06dca79f0826f519843f19529dd7c190bab8fa15976b9c89f
- SHA512
  
  e169ecb4b28525980795a406879ec81912ae04ee95072fc2a40ba09c5c3fa066e3c8219c6726587f2746844b48ac0ae720a7859f05fdae8c9c41e51e1a41975c
- SSDEEP
  
  1536:WhMWCsgyMIwP/t6hp1ZcTkrCf8vCTfLlQWXaKS:DWKyMIwP16hp13vgaWXa3
Score

6^/10

adware discovery stealer
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral11 behavioral12
- Target
  
  uninstall.exe
- Size
  
  289KB
- MD5
  
  a33265b4b8a83ab782ff282560bf82f5
- SHA1
  
  7b32db1310510325b70f59fe63366d4bb03ab42e
- SHA256
  
  12e988eb6047b83df4e7f0d532c5acd320c45c6285235dbfadf32a8237beaf1c
- SHA512
  
  962042242c4f17c09a9a94e725d20f4dfdf0796a127086adefb7a0b4e54fa96d541165dca51bbd3e25a63379fd2966c9c33c3476db6c646c5055a8f0783c9ae0
- SSDEEP
  
  6144:Ue34nRRg4l8ai5PQtTZ763J8eWW43YLYjn5uO7D32fuCa7Bmo:ORq4OaQQTYJ8eP4/L5uO7D3f5BN
Score

7^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/aminsis.dll
- Size
  
  567KB
- MD5
  
  450753ad96785a240a39deccab3af0d0
- SHA1
  
  21c544064d2ffa6444508268ce258a330d459fc5
- SHA256
  
  1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3
- SHA512
  
  c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab
- SSDEEP
  
  12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU
Score

3^/10

discovery
behavioral15 behavioral16