General

  • Target

    38d0d2e8cdb2134dc0bc1fc9dc49415e_JaffaCakes118

  • Size

    689KB

  • Sample

    241012-g54wpssdmr

  • MD5

    38d0d2e8cdb2134dc0bc1fc9dc49415e

  • SHA1

    418db449b0948e95888dd8bc56660e3a9c6b5a48

  • SHA256

    4458db20eae5b73025267cc6b0b6d92ca75df40c87583d917a2ed20949b771b7

  • SHA512

    9dabeec82da1bd1bb16fffdef5e179bf4e696d17ab7993bc525a178276f9ccc0a80c859863179754294a9fd3213ef2b449282b42d2efaea635d41c24b7755d57

  • SSDEEP

    12288:gPq1T4LghMpDwBG4G4Y7jeKuVnvon+N83LwwiAn6KkM33nxDPjeKuVGv/9+N8OLm:gPq1mqMlwBG4G37tUnvone83Z76bMHxx

Targets

    • Target

      38d0d2e8cdb2134dc0bc1fc9dc49415e_JaffaCakes118

    • Size

      689KB

    • MD5

      38d0d2e8cdb2134dc0bc1fc9dc49415e

    • SHA1

      418db449b0948e95888dd8bc56660e3a9c6b5a48

    • SHA256

      4458db20eae5b73025267cc6b0b6d92ca75df40c87583d917a2ed20949b771b7

    • SHA512

      9dabeec82da1bd1bb16fffdef5e179bf4e696d17ab7993bc525a178276f9ccc0a80c859863179754294a9fd3213ef2b449282b42d2efaea635d41c24b7755d57

    • SSDEEP

      12288:gPq1T4LghMpDwBG4G4Y7jeKuVnvon+N83LwwiAn6KkM33nxDPjeKuVGv/9+N8OLm:gPq1mqMlwBG4G37tUnvone83Z76bMHxx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      f346047b13f37f79c462e59a6319faa1

    • SHA1

      ce9e7cb9719000a69b463fe024c81229e322279f

    • SHA256

      e78e0e61707cabec8383f1e74da9db8e0fa123a3a7b36f0080d70fbaed6f7453

    • SHA512

      429209cc489ba9ac2d62055b128efb3cded3e31f966c7cdb1aee592ec7a54ab090526705fa2519498d92eb4bc2efa141cd83adc6c251b793388ad1208b172167

    • SSDEEP

      12288:w/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9G/uf:vGnSkWh4G1ppgH81vrBu3MHOGUKfG/

    Score
    3/10
    • Target

      ffTrustMediaViewerV1alpha2485chaction.js

    • Size

      869B

    • MD5

      0be7c39a9dd5b4e7fafcc080b74f9db9

    • SHA1

      825f4da434745d91ae89bfa3d296ea30df2c3615

    • SHA256

      873db8b8a0658f4a969accbc8545fe349cfde1c29d05084c12dc56016d088bf4

    • SHA512

      fbc22f1e866d0d21648c651661a866244bcea41b60e1dd8ebc5dfdcb3074742c9ecf32157dc693af4a5825f135062650716fc10adba4d17b00b429fb2b932487

    Score
    3/10
    • Target

      ff/chrome/content/ffTrustMediaViewerV1alpha2485.js

    • Size

      768B

    • MD5

      b44bbe6ed0fe235b0cafa5c1f8f8c0ad

    • SHA1

      4cf5296600edc572284afb8d2d661f37e5b32314

    • SHA256

      0d922858f75abc79c72a8766a7d808bf11d29da9cc45316278daee976535a295

    • SHA512

      df57bcbef1eb0f9b150ec67a969257192af6dbe891b0ec8b4cfa0c9990989871317b7e351a5f15b65febc2f6638ce195818c426bc317d382c7db7905165fb048

    Score
    3/10
    • Target

      ff/chrome/content/ffTrustMediaViewerV1alpha2485ffaction.js

    • Size

      706B

    • MD5

      1f89857f9e00ef170926db29a6c62cab

    • SHA1

      ad378dadd77c18054c9fdc4b3ff7a0b9e199bfb3

    • SHA256

      b3a8c35886a6f46489ec75d1802000f06719f4bac4dd3ab52cb71a8ac0508dc7

    • SHA512

      01dcef8332f9ed0589508374efeef2ef4503409c8632935abd3735456c5d866b8e66a59f4e65a9f0c5afbb8865b5e452a1bef8e39e69899d64f5bbd5a85611ca

    Score
    3/10
    • Target

      ie/TrustMediaViewerV1alpha2485.dll

    • Size

      85KB

    • MD5

      b5c16621f1b64d8710a522fb8bcfba34

    • SHA1

      7b3b14f227da46e0d77c5d42774100451c2ff8f9

    • SHA256

      7968008c61d60540b54375abf264cb799e33c16956aa58687be819e6632c6ef1

    • SHA512

      f852e7728dceb4f73229c3a522c1f4aea40e895b01a7cf0785b0628c05c33cd66f83b70bc0ab1df8a8185814ea7d0a876217ad432cb35aa2cd7ea5bcec859986

    • SSDEEP

      1536:3pMGCsQis4EnvtKx+kNp8DkoA518DOslQ1lDqFx:mGais4EnlKx+kNoA5uDra1lDq

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target

      ie/TrustMediaViewerV1alpha2485x64.dll

    • Size

      100KB

    • MD5

      2fd3d8f41f611683e2987a3950d896e9

    • SHA1

      f66b32127d20da0a6730f825baa4c7925a16ccd2

    • SHA256

      fa31c6af0e68198b9419c5ade9456e7190780f5f585be9065c0cd5084f06eb52

    • SHA512

      56e89145b29fdfa99572fae17bda6f58255f9eed09a4daa9d17f9ad178c67f3b47c3d96b1da30a5bb71272b6d7524ce2a5a027481f8656eff8cc3e3d0cd4de91

    • SSDEEP

      3072:ABjCnTZPTGSRzBHsQnTfGNAj2kSWfzQBTL9F9Iq:ANCnTZPTGAlHdTONAjgbvI

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target

      uninstall.exe

    • Size

      295KB

    • MD5

      a9a20fcbce48f111e658e7d65640b335

    • SHA1

      c61a745391d6c7bd370f3fd9ae4e3aeface70994

    • SHA256

      8091f6554680e1c0bce5faddb093083dfb07ff10f639e7c03a169cf6249e2e1a

    • SHA512

      81bc93c459a80ed197fd9b7c23243aa9110a2e12d4a3a0573e1671b1427e66145dcab56b892be74f5edbd57f3bb4bbfcc25cc31ab8a515f3c29187331c45a9d5

    • SSDEEP

      6144:Ee34vGjKTK0HVkUEYA2q5NbrWN83gQwwDuzMn6yDkvE39kojTxDtEI:2GjeKuVnvon+N83LwwiAn6KkM33nxDl

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      f346047b13f37f79c462e59a6319faa1

    • SHA1

      ce9e7cb9719000a69b463fe024c81229e322279f

    • SHA256

      e78e0e61707cabec8383f1e74da9db8e0fa123a3a7b36f0080d70fbaed6f7453

    • SHA512

      429209cc489ba9ac2d62055b128efb3cded3e31f966c7cdb1aee592ec7a54ab090526705fa2519498d92eb4bc2efa141cd83adc6c251b793388ad1208b172167

    • SSDEEP

      12288:w/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9G/uf:vGnSkWh4G1ppgH81vrBu3MHOGUKfG/

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

adware, discovery, persistence, privilege_escalation, spyware, stealer
Score
7/10

behavioral2

adware, discovery, persistence, privilege_escalation, spyware, stealer
Score
7/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

execution
Score
3/10

behavioral8

execution
Score
3/10

behavioral9

execution
Score
3/10

behavioral10

execution
Score
3/10

behavioral11

execution
Score
3/10

behavioral12

execution
Score
3/10

behavioral13

adware, discovery, stealer
Score
6/10

behavioral14

adware, discovery, stealer
Score
6/10

behavioral15

adware, persistence, privilege_escalation, stealer
Score
7/10

behavioral16

adware, persistence, privilege_escalation, stealer
Score
7/10

behavioral17

discovery, spyware, stealer
Score
7/10

behavioral18

discovery, spyware, stealer
Score
7/10

behavioral19

discovery
Score
3/10

behavioral20

discovery
Score
3/10

behavioral21

discovery
Score
3/10

behavioral22

discovery
Score
3/10