793cb7063c59c9224b893bf4a946544513fa69c803862e6d103067b0cfedf514

Sharing

Copy URL

Twitter E-mail

General

Target

3c7c662d19e7961038eb817893d7c492_JaffaCakes118
Size

657KB
Sample

241012-2zzd9azgrr
MD5

3c7c662d19e7961038eb817893d7c492
SHA1

fc9eeec35e96c9167e048eea797f9ccad890cd70
SHA256

793cb7063c59c9224b893bf4a946544513fa69c803862e6d103067b0cfedf514
SHA512

e076db1ae1c9334128d42b3c9efc8713393e3db40c51c8a6364b7975eb882503c97c3c2fd519e10ffa93daa77a7d78fb0b1a352f4a04ffedfc2c29e181d3b4fe
SSDEEP

12288:GstbU7JIG4GQTq4OaQQTYJ8eP4/L5uO7D3f5BLq4Wa/QTKJ8eP9/75uO7eU266Bi:GxVIG4GQm4OaHYJ8eP4D5uOHBBe4Waek

Score

7^/10

Malware Config

Targets

- Target
  
  3c7c662d19e7961038eb817893d7c492_JaffaCakes118
- Size
  
  657KB
- MD5
  
  3c7c662d19e7961038eb817893d7c492
- SHA1
  
  fc9eeec35e96c9167e048eea797f9ccad890cd70
- SHA256
  
  793cb7063c59c9224b893bf4a946544513fa69c803862e6d103067b0cfedf514
- SHA512
  
  e076db1ae1c9334128d42b3c9efc8713393e3db40c51c8a6364b7975eb882503c97c3c2fd519e10ffa93daa77a7d78fb0b1a352f4a04ffedfc2c29e181d3b4fe
- SSDEEP
  
  12288:GstbU7JIG4GQTq4OaQQTYJ8eP4/L5uO7D3f5BLq4Wa/QTKJ8eP9/75uO7eU266Bi:GxVIG4GQm4OaHYJ8eP4D5uOHBBe4Waek
Score

7^/10

adware discovery spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/aminsis.dll
- Size
  
  567KB
- MD5
  
  450753ad96785a240a39deccab3af0d0
- SHA1
  
  21c544064d2ffa6444508268ce258a330d459fc5
- SHA256
  
  1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3
- SHA512
  
  c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab
- SSDEEP
  
  12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  ffRichMediaViewV1release1045chaction.js
- Size
  
  864B
- MD5
  
  3c475defda5c687bdc7a180b3c46961b
- SHA1
  
  413174552907fe29b0ee4f420991d83214df9072
- SHA256
  
  1913fbc0c02de7022750a805fe15f99a58b2628373d85112d605e6e0d9e4da9b
- SHA512
  
  fb09b9d1dd75ad5b002a4aa36046ba0b6016831ff6f3b383bd11a88f840004c19d4058c133ef2230d7056e71a94bfa83d4fd9a1b2f8cf441d0f21617782585e4
Score

3^/10

execution
behavioral5 behavioral6
- Target
  
  ff/chrome/content/ffRichMediaViewV1release1045.js
- Size
  
  765B
- MD5
  
  d2070d7669ade04ff713a915f414a4ea
- SHA1
  
  255f130b252493df498c5b50e6b02f146cd9c61c
- SHA256
  
  55bb809fccc1530b818f38898b09e42563b20728949fb3d698747805253214e8
- SHA512
  
  d8ad14946e72b90403a8a7c4312f55343411b7ff5483e89d1c0aae980e89ffcb5602c7d45550bf38999017be31c56336e0e3cfec18eaff0f7c3246cc7745157b
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  ff/chrome/content/ffRichMediaViewV1release1045ffaction.js
- Size
  
  702B
- MD5
  
  c6b16ddb61bfccff28bf5a09ee05ca26
- SHA1
  
  f852ba01d83b54c1346383b525d5a2456811bc9b
- SHA256
  
  4be058278a699aa8062b6f8f9320ab6911ad0e155f0a5eca8519b490eb4d8252
- SHA512
  
  0bd7ec6d4236d38c5531587014c9884e2298b85d9ca72aa84fc564629a6cc8747f84dfb59a0a60c5445932759389322013ec0cea8c4368ac916943cd10c1766b
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  ie/RichMediaViewV1release1045.dll
- Size
  
  85KB
- MD5
  
  7d46947a2bcccca4a1b4a87c3a614e4c
- SHA1
  
  eabb2821e8d8251a9458a3747e60bb0cb46d0355
- SHA256
  
  f1083c90394168cb26c2b8066fca3387d97b125e21465df46864465b54c5042d
- SHA512
  
  e2a70c91f46abf613850959f9f973a1b3a4884111c33a3de23c2756ff082a5b2895454cbeb952e2b9ed7a964733bfec6540582c3f26aa1bb999a4620ffe43cdf
- SSDEEP
  
  1536:/hMWCsgyMIwP/t6hp1ZcTkrC7PCTfLlQmn4KS:WWKyMIwP16hp10Pgamn43
Score

6^/10

adware discovery stealer
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral11 behavioral12
- Target
  
  uninstall.exe
- Size
  
  289KB
- MD5
  
  e8c7641b8e280e4c8f0a605354f77f8b
- SHA1
  
  7568ab7fafea8494007214b0fc41b567658966a3
- SHA256
  
  5f35be12102f10fe497611be83b3a680cf16c74ea1b5ccbb479a0f8845388a73
- SHA512
  
  622cad194f52040a6ddc008a70181e28edfa7eb1ee74c1e8e1a31fb53d227079b78d84821e54f252be8c2ae6b48a17f77030f38131dd7e24a3810dad30578020
- SSDEEP
  
  6144:Ue34FIRg4l8ai5PQtTZ763J8eWW43YLYjn5uO7D32fuCa7BmF:AIq4OaQQTYJ8eP4/L5uO7D3f5BI
Score

7^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/aminsis.dll
- Size
  
  567KB
- MD5
  
  450753ad96785a240a39deccab3af0d0
- SHA1
  
  21c544064d2ffa6444508268ce258a330d459fc5
- SHA256
  
  1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3
- SHA512
  
  c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab
- SSDEEP
  
  12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU
Score

3^/10

discovery
behavioral15 behavioral16