41b3b8c40407b947133a3951f369b9a81c9cb6c0625b111c290d73dd78692396

Sharing

Copy URL Twitter E-mail

General

Target

3ac677978ce7008da9e718fa0dcda514_JaffaCakes118
Size

657KB
Sample

241012-sx9yjasbkk
MD5

3ac677978ce7008da9e718fa0dcda514
SHA1

ba4e0a5faa67a72c1cfe1b48d67293b7fb29f771
SHA256

41b3b8c40407b947133a3951f369b9a81c9cb6c0625b111c290d73dd78692396
SHA512

53e84c0e1506a831b6eb2ddc21e790d33aa28ecabdd7d92979d5c80cb3b78dba8226c2775ec9003293569b1c9f40af1144b40c3f4080e1ec01748f015a3a7935
SSDEEP

12288:vzqEQA2DrG4GQTq4OaQQTYJ8eP4/L5uO7D3f5BGq4ca7QTgJ8ePN/P5uO7GLvHfp:vm5G4GQm4OaHYJ8eP4D5uOHBBr4caigM

Score

7^/10

Malware Config

Targets

- Target
  
  3ac677978ce7008da9e718fa0dcda514_JaffaCakes118
- Size
  
  657KB
- MD5
  
  3ac677978ce7008da9e718fa0dcda514
- SHA1
  
  ba4e0a5faa67a72c1cfe1b48d67293b7fb29f771
- SHA256
  
  41b3b8c40407b947133a3951f369b9a81c9cb6c0625b111c290d73dd78692396
- SHA512
  
  53e84c0e1506a831b6eb2ddc21e790d33aa28ecabdd7d92979d5c80cb3b78dba8226c2775ec9003293569b1c9f40af1144b40c3f4080e1ec01748f015a3a7935
- SSDEEP
  
  12288:vzqEQA2DrG4GQTq4OaQQTYJ8eP4/L5uO7D3f5BGq4ca7QTgJ8ePN/P5uO7GLvHfp:vm5G4GQm4OaHYJ8eP4D5uOHBBr4caigM
Score

7^/10

adware discovery spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/aminsis.dll
- Size
  
  567KB
- MD5
  
  450753ad96785a240a39deccab3af0d0
- SHA1
  
  21c544064d2ffa6444508268ce258a330d459fc5
- SHA256
  
  1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3
- SHA512
  
  c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab
- SSDEEP
  
  12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  ffRichMediaViewV1release58chaction.js
- Size
  
  854B
- MD5
  
  9fd9511092bb21e3c28f615b8a1c924f
- SHA1
  
  8b18ebb19bfdf812db65913dc62293f9a741d2f3
- SHA256
  
  d6df34eb54c4d6985fe6d0ef6c07c127e69f33ce75fd7e3ab17c23280584d60a
- SHA512
  
  cc852f6a151b5965c4a56b21c89fd9c093b9724160e138dc2ac275ef00ac5de6b0df07d78b411c4764fa4697e18142de52094f22ca26415ab4d9dfd63ea17db8
Score

3^/10

execution
behavioral5 behavioral6
- Target
  
  ff/chrome/content/ffRichMediaViewV1release58.js
- Size
  
  759B
- MD5
  
  081806462cd05a2d2cbffa89dfdb609f
- SHA1
  
  fccc81b12949913664c07b973663b92a0003b648
- SHA256
  
  3d4159727604b07d691f25db771bf5ae305fd50d1c2a65f7c655e09e8e525313
- SHA512
  
  7d1839afca08a51a25c1c4555ba242f4e40bbe951243f905ef64a9baefdc043bb5d906ed22820cb5477d565f5202faea4fd3755ee28e498c8f4624fa22c6b775
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  ff/chrome/content/ffRichMediaViewV1release58ffaction.js
- Size
  
  694B
- MD5
  
  d2baea390a305ce2c57eacc28322811e
- SHA1
  
  40a333da011fa67496d910d1682044125676282b
- SHA256
  
  d8d72926c41e27d4d5efac1043a109253a2ffeb70e884d3b546b0e00a055d4f8
- SHA512
  
  5fa9a5e32d713a5b53a717212f7ef98168702db59970b89814abada428fd19fc818fda98d55f93e7cb46cac9ce5921b0c2f60bd4400da691bf65baa8124fb79f
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  ie/RichMediaViewV1release58.dll
- Size
  
  85KB
- MD5
  
  e11cb97720d99869bc4606d2a94aec36
- SHA1
  
  a41e592fb0bff8ea13ecefe079498da4779a32b3
- SHA256
  
  7bcf1acde14df56edbd778ca50a449aeb0a4217ef535cf4acbe0c0d0a30b5080
- SHA512
  
  ec498f9981e097558285729b88fbf17d08bee1c800f15887bbb06705c0063d78cd874b4071cb562a86ba891560cf617529feebc87845ed565114e653ca6610c7
- SSDEEP
  
  1536:msfNScAkccEVtqY6Zk8DkkAx3LlQ6A+yY:BNCkccEnqY6ZhAx7a6A+P
Score

6^/10

adware discovery stealer
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral11 behavioral12
- Target
  
  uninstall.exe
- Size
  
  289KB
- MD5
  
  08a105bdad7cefd37289a85ae020bbca
- SHA1
  
  ac5022f27bc1743054ad9f00a3fce5e5ea8b48c1
- SHA256
  
  7127044f4dbedf7ff757cd1cb3bcb1702121af471f619719ae78c2cb87ed0f51
- SHA512
  
  ddccf90ac0af87be06dded999e6544535b9d0901423649fa5d839982804e52ad068c422ac3fda2962ac60950d2b48be73b0aff75dc74ed03b85cd8a75dc1649e
- SSDEEP
  
  6144:Ue34w3Rg4l8ai5PQtTZ763J8eWW43YLYjn5uO7D32fuCa7Bm4:t3q4OaQQTYJ8eP4/L5uO7D3f5Bl
Score

7^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/aminsis.dll
- Size
  
  567KB
- MD5
  
  450753ad96785a240a39deccab3af0d0
- SHA1
  
  21c544064d2ffa6444508268ce258a330d459fc5
- SHA256
  
  1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3
- SHA512
  
  c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab
- SSDEEP
  
  12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU
Score

3^/10

discovery
behavioral15 behavioral16