General

  • Target

    3c7c662d19e7961038eb817893d7c492_JaffaCakes118

  • Size

    657KB

  • Sample

    241012-2zzd9azgrr

  • MD5

    3c7c662d19e7961038eb817893d7c492

  • SHA1

    fc9eeec35e96c9167e048eea797f9ccad890cd70

  • SHA256

    793cb7063c59c9224b893bf4a946544513fa69c803862e6d103067b0cfedf514

  • SHA512

    e076db1ae1c9334128d42b3c9efc8713393e3db40c51c8a6364b7975eb882503c97c3c2fd519e10ffa93daa77a7d78fb0b1a352f4a04ffedfc2c29e181d3b4fe

  • SSDEEP

    12288:GstbU7JIG4GQTq4OaQQTYJ8eP4/L5uO7D3f5BLq4Wa/QTKJ8eP9/75uO7eU266Bi:GxVIG4GQm4OaHYJ8eP4D5uOHBBe4Waek

Malware Config

Targets

    • Target

      3c7c662d19e7961038eb817893d7c492_JaffaCakes118

    • Size

      657KB

    • MD5

      3c7c662d19e7961038eb817893d7c492

    • SHA1

      fc9eeec35e96c9167e048eea797f9ccad890cd70

    • SHA256

      793cb7063c59c9224b893bf4a946544513fa69c803862e6d103067b0cfedf514

    • SHA512

      e076db1ae1c9334128d42b3c9efc8713393e3db40c51c8a6364b7975eb882503c97c3c2fd519e10ffa93daa77a7d78fb0b1a352f4a04ffedfc2c29e181d3b4fe

    • SSDEEP

      12288:GstbU7JIG4GQTq4OaQQTYJ8eP4/L5uO7D3f5BLq4Wa/QTKJ8eP9/75uO7eU266Bi:GxVIG4GQm4OaHYJ8eP4D5uOHBBe4Waek

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      450753ad96785a240a39deccab3af0d0

    • SHA1

      21c544064d2ffa6444508268ce258a330d459fc5

    • SHA256

      1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3

    • SHA512

      c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab

    • SSDEEP

      12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU

    Score
    3/10

    • Target

      ffRichMediaViewV1release1045chaction.js

    • Size

      864B

    • MD5

      3c475defda5c687bdc7a180b3c46961b

    • SHA1

      413174552907fe29b0ee4f420991d83214df9072

    • SHA256

      1913fbc0c02de7022750a805fe15f99a58b2628373d85112d605e6e0d9e4da9b

    • SHA512

      fb09b9d1dd75ad5b002a4aa36046ba0b6016831ff6f3b383bd11a88f840004c19d4058c133ef2230d7056e71a94bfa83d4fd9a1b2f8cf441d0f21617782585e4

    Score
    3/10

    • Target

      ff/chrome/content/ffRichMediaViewV1release1045.js

    • Size

      765B

    • MD5

      d2070d7669ade04ff713a915f414a4ea

    • SHA1

      255f130b252493df498c5b50e6b02f146cd9c61c

    • SHA256

      55bb809fccc1530b818f38898b09e42563b20728949fb3d698747805253214e8

    • SHA512

      d8ad14946e72b90403a8a7c4312f55343411b7ff5483e89d1c0aae980e89ffcb5602c7d45550bf38999017be31c56336e0e3cfec18eaff0f7c3246cc7745157b

    Score
    3/10

    • Target

      ff/chrome/content/ffRichMediaViewV1release1045ffaction.js

    • Size

      702B

    • MD5

      c6b16ddb61bfccff28bf5a09ee05ca26

    • SHA1

      f852ba01d83b54c1346383b525d5a2456811bc9b

    • SHA256

      4be058278a699aa8062b6f8f9320ab6911ad0e155f0a5eca8519b490eb4d8252

    • SHA512

      0bd7ec6d4236d38c5531587014c9884e2298b85d9ca72aa84fc564629a6cc8747f84dfb59a0a60c5445932759389322013ec0cea8c4368ac916943cd10c1766b

    Score
    3/10

    • Target

      ie/RichMediaViewV1release1045.dll

    • Size

      85KB

    • MD5

      7d46947a2bcccca4a1b4a87c3a614e4c

    • SHA1

      eabb2821e8d8251a9458a3747e60bb0cb46d0355

    • SHA256

      f1083c90394168cb26c2b8066fca3387d97b125e21465df46864465b54c5042d

    • SHA512

      e2a70c91f46abf613850959f9f973a1b3a4884111c33a3de23c2756ff082a5b2895454cbeb952e2b9ed7a964733bfec6540582c3f26aa1bb999a4620ffe43cdf

    • SSDEEP

      1536:/hMWCsgyMIwP/t6hp1ZcTkrC7PCTfLlQmn4KS:WWKyMIwP16hp10Pgamn43

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target

      uninstall.exe

    • Size

      289KB

    • MD5

      e8c7641b8e280e4c8f0a605354f77f8b

    • SHA1

      7568ab7fafea8494007214b0fc41b567658966a3

    • SHA256

      5f35be12102f10fe497611be83b3a680cf16c74ea1b5ccbb479a0f8845388a73

    • SHA512

      622cad194f52040a6ddc008a70181e28edfa7eb1ee74c1e8e1a31fb53d227079b78d84821e54f252be8c2ae6b48a17f77030f38131dd7e24a3810dad30578020

    • SSDEEP

      6144:Ue34FIRg4l8ai5PQtTZ763J8eWW43YLYjn5uO7D32fuCa7BmF:AIq4OaQQTYJ8eP4/L5uO7D3f5BI

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      450753ad96785a240a39deccab3af0d0

    • SHA1

      21c544064d2ffa6444508268ce258a330d459fc5

    • SHA256

      1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3

    • SHA512

      c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab

    • SSDEEP

      12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks