a6adb2d9533035f19c06fb1ccbc8b00a62845cf4b3aef203652c5eac38cf51af

Sharing

Copy URL Twitter E-mail

General

Target

3868349af85d0bb444e007c793cb975c_JaffaCakes118
Size

634KB
Sample

241012-ezmn5atapd
MD5

3868349af85d0bb444e007c793cb975c
SHA1

267f0e90aecf94b42188ae24f5086713bbff8aff
SHA256

a6adb2d9533035f19c06fb1ccbc8b00a62845cf4b3aef203652c5eac38cf51af
SHA512

9418c3af6670ccc67f024a75732126e59f7a78efdb9efac1a955b140ab4f103bca57374e32e9250e2529d3c0388ec9652fef95bcad576c0b187b7e945dbfa220
SSDEEP

12288:d7v30mM1G4GjeZHkwuPikQ7lKH5p5H9x1yeZHkwuziDQBlKR5psxjlf1:dD30HG4GjeZEXi37l6Br1yeZEriMBlm8

Score

7^/10

Malware Config

Targets

- Target
  
  3868349af85d0bb444e007c793cb975c_JaffaCakes118
- Size
  
  634KB
- MD5
  
  3868349af85d0bb444e007c793cb975c
- SHA1
  
  267f0e90aecf94b42188ae24f5086713bbff8aff
- SHA256
  
  a6adb2d9533035f19c06fb1ccbc8b00a62845cf4b3aef203652c5eac38cf51af
- SHA512
  
  9418c3af6670ccc67f024a75732126e59f7a78efdb9efac1a955b140ab4f103bca57374e32e9250e2529d3c0388ec9652fef95bcad576c0b187b7e945dbfa220
- SSDEEP
  
  12288:d7v30mM1G4GjeZHkwuPikQ7lKH5p5H9x1yeZHkwuziDQBlKR5psxjlf1:dD30HG4GjeZEXi37l6Br1yeZEriMBlm8
Score

7^/10

adware discovery spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/aminsis.dll
- Size
  
  559KB
- MD5
  
  51ba1095f0ae45a2d444bea506cb9ad4
- SHA1
  
  038a5d53d055a6d440bd2c8864c2f51db206c5e5
- SHA256
  
  b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539
- SHA512
  
  f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361
- SSDEEP
  
  12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  ffMediaWatchV1home3940chaction.js
- Size
  
  834B
- MD5
  
  682abbcbb5d9c4b1c28826e39c52060d
- SHA1
  
  68ca240420dbb0ce5a8dea0de011a8b0959b7934
- SHA256
  
  12ec9681ae64fb36a0b15dd1259b7027a2e72857eee51de7fb143c1a2d40e57e
- SHA512
  
  df4ae289e5bb9faf8110b984f1286e07f658eeff6326ff74fa4ac6abdc92aa78f4fec7a3c7af558d5487ad13e88c3d438ef751b17e9952c158fb87e29d60c0c6
Score

3^/10

execution
behavioral5 behavioral6
- Target
  
  ff/chrome/content/ffMediaWatchV1home3940.js
- Size
  
  747B
- MD5
  
  fd6cb1039e85584b5eeb7828078a7018
- SHA1
  
  5ff95baa58270ea1440d963ac36c543cbf368885
- SHA256
  
  3e64007847b0c01db864f8c080776b641e2b98ea2aab3c5087106663c73a9271
- SHA512
  
  a37053b18709047144445053be32bf8bedb58dcb9a8f7bd89be3161f822a2bdb33b90aa4f562c0060a332c2e7584393b42a60bbb51c9cdbf9efd9902f7105b0a
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  ff/chrome/content/ffMediaWatchV1home3940ffaction.js
- Size
  
  678B
- MD5
  
  4c3314d04755a166cd08ec3084aee090
- SHA1
  
  e89fac36de535d5b56a3da48538328311ebf1c38
- SHA256
  
  fe36214cb8704e9e03a65064f18e8c5380aa595d6508dfd672d542c520020a9b
- SHA512
  
  971ac29d7116f20092f9dc656de5c38ba34ef4466a0e2f2b8f1ba44de59e2bef97829c1434fecf6ae64f74a60567b8484986038e2ec9ca7b7be42139d28f0bb2
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  ie/MediaWatchV1home3940.dll
- Size
  
  85KB
- MD5
  
  00a1b04a4f1a258dfb5e0739ffd844ef
- SHA1
  
  389947c4fedd0a67ec676fcd5848c5188aeb0a13
- SHA256
  
  ac2d9fdbff5dd17f6c8c43bd026c4dcd6b831d386fb34e5a860c1b5172537c33
- SHA512
  
  392150bb6b462e4cc106971b826e9bb1d53bf215d5bf9f0e5d9ab89c6d6d31eea7082a226e2fa8329350be2f9481ed8e392ae9c9c8b104a5fd02d7e6df0c539a
- SSDEEP
  
  1536:28/1CsEmka04RhRtahrOb8Dkh1PHA9glQ+TwR:x12mka0ElahrOpPgua+Tw
Score

6^/10

adware discovery stealer
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral11 behavioral12
- Target
  
  uninstall.exe
- Size
  
  285KB
- MD5
  
  493af7fab5398482addd59631d07ea03
- SHA1
  
  24e530d91dbd772692bf272cfbd03df2fc30d26b
- SHA256
  
  e48e9b367a2d2301aee64e4df92997703ac8b8030cd061414cb5278d44f2b9ea
- SHA512
  
  9f04fe96e85acba2b17a34195ef5e22e9b91ead3532ac7671eb1e5752d7eb89f14a023cfb01e5209d942bec1b56bd2b24682a4a94c90a31f5c4a6128c8f4f783
- SSDEEP
  
  6144:Ee34+dpeZH+zpyuuz6GZkDOJ/7OafSH5KmrWym09x1d:nbeZHkwuPikQ7lKH5p5H9x1d
Score

7^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/aminsis.dll
- Size
  
  559KB
- MD5
  
  51ba1095f0ae45a2d444bea506cb9ad4
- SHA1
  
  038a5d53d055a6d440bd2c8864c2f51db206c5e5
- SHA256
  
  b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539
- SHA512
  
  f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361
- SSDEEP
  
  12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN
Score

3^/10

discovery
behavioral15 behavioral16