General

  • Target

    3e09105238112d8ecbaf4cde8f2ad021_JaffaCakes118

  • Size

    634KB

  • Sample

    241013-f3jx3s1djg

  • MD5

    3e09105238112d8ecbaf4cde8f2ad021

  • SHA1

    19d6f44361528f173bc0109db91fd56c5eec4f20

  • SHA256

    19b8c0f301419469afb27c92507990ea572d050cfb8d6440fea78d4e0e557f2e

  • SHA512

    35376556c4084dff356eb8ea4b4ea2c68abe1ab649e6ffa429f467a1262ddb44c8f6c66789e7018da0798b288500679147d9778c23fb1181a40fb1f42fc60a8e

  • SSDEEP

    12288:U4MU5vxyG4GjeZHkwuPikQ7lKH5p5H9x1IeZHkwuriZQZlKh5pQxlMjVWg:UW54G4GjeZEXi37l6Br1IeZEjiOZlWo+

Malware Config

Targets

    • Target

      3e09105238112d8ecbaf4cde8f2ad021_JaffaCakes118

    • Size

      634KB

    • MD5

      3e09105238112d8ecbaf4cde8f2ad021

    • SHA1

      19d6f44361528f173bc0109db91fd56c5eec4f20

    • SHA256

      19b8c0f301419469afb27c92507990ea572d050cfb8d6440fea78d4e0e557f2e

    • SHA512

      35376556c4084dff356eb8ea4b4ea2c68abe1ab649e6ffa429f467a1262ddb44c8f6c66789e7018da0798b288500679147d9778c23fb1181a40fb1f42fc60a8e

    • SSDEEP

      12288:U4MU5vxyG4GjeZHkwuPikQ7lKH5p5H9x1IeZHkwuriZQZlKh5pQxlMjVWg:UW54G4GjeZEXi37l6Br1IeZEjiOZlWo+

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (running or not running depending on the victim's region).

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate the software installed on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that act as plugins for Internet Explorer; they are loaded into the browser process and can observe and modify the pages the user visits.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      559KB

    • MD5

      51ba1095f0ae45a2d444bea506cb9ad4

    • SHA1

      038a5d53d055a6d440bd2c8864c2f51db206c5e5

    • SHA256

      b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539

    • SHA512

      f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361

    • SSDEEP

      12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN

    Score
    3/10
    • Target

      ffMediaWatchV1home866chaction.js

    • Size

      829B

    • MD5

      b842f1d746c8e38d8cf26835c88c8889

    • SHA1

      f0fcc4a5e1107c14b28733f57284cfa0d38f743d

    • SHA256

      0bbd00808e275db9c434f54c8d8ba4e148acbd5b57c703180cbe74f92632a5bf

    • SHA512

      e24982a8a376ddfd0dc54fc470a2fd459deb6c58f063900bf6dae2d73809fcfd18e7c4e8f86b44f2a7ed25415fa19504f037fac220b1c95aed53ed404be1a015

    Score
    3/10
    • Target

      ff/chrome/content/ffMediaWatchV1home866.js

    • Size

      744B

    • MD5

      14e405eb05e78c37e85a2a6169967688

    • SHA1

      461e678eff21609beaf79fa6ce710b720545e81b

    • SHA256

      f08a6c39168f44d36719d7d227879fa4d55d3c4c6774cb1b5f40b2e0b9c44e13

    • SHA512

      56cf60940b28623355a7e61ce5a41c8ad498d23102a961ba13b2977ebe2dcabda7e9956aceec4d4e3d442fff40b6e229f425c0b1b3667772a795c5e0c7386bae

    Score
    3/10
    • Target

      ff/chrome/content/ffMediaWatchV1home866ffaction.js

    • Size

      674B

    • MD5

      189a39686a913560f9579cd86fd3568b

    • SHA1

      e961dcf4270b98b826f8c5f8c8362ace99a775f2

    • SHA256

      c1a4f8f3d90612a856ca602eeeea1d6ebd4d7cdb046eff0063c6969da5249534

    • SHA512

      f6d0b2c9568f6730357a2dc5b1a054f3b755701673c0515ae8c49572dae8738b9995e9165d3f67d1704fc4be195ae6ee9d8cbf7d138eac9a53f1e326a373adf8

    Score
    3/10
    • Target

      ie/MediaWatchV1home866.dll

    • Size

      85KB

    • MD5

      b49c29bff2199b0068a1abc596b24475

    • SHA1

      ae84fdc51886e3ced9d5d0d3c4a6dbe4d1739185

    • SHA256

      4fca56e8543c3da0a560435ec7018bbf654dee414b21291f36302df26ba67c7d

    • SHA512

      621bff61f917c2973706f22f502dc808409dd20ad3b400c2b2ad40f13dc7de356b254214168293a9185c6250c7ddc043408208fd087132fb94c0de1f853925b6

    • SSDEEP

      1536:Rn/1CsEmkaMAXtahrOb8DktZVHA9glQkr8Wd:x12mkaMA9ahrOZVguakr/

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that act as plugins for Internet Explorer; they are loaded into the browser process and can observe and modify the pages the user visits.

    • Target

      uninstall.exe

    • Size

      285KB

    • MD5

      4105c2d8e189025729ad3e8f832606d2

    • SHA1

      688c8ee026a39308b60221657d9c039b700151a0

    • SHA256

      b1772e758b74d25641f3b2245cb1a2282f2c75ffb0daa3cef61f35977f586ec7

    • SHA512

      6631b1ff16cef3820a4c3c65c2b27253f366d19e82d374017751c45ebc88c57304826764075d751055dd90735d69787843d506b9afd6aa8b8dff12f84d93fcca

    • SSDEEP

      6144:Ee34DwpeZH+zpyuuz6GZkDOJ/7OafSH5KmrWym09x1C:CMeZHkwuPikQ7lKH5p5H9x1C

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      559KB

    • MD5

      51ba1095f0ae45a2d444bea506cb9ad4

    • SHA1

      038a5d53d055a6d440bd2c8864c2f51db206c5e5

    • SHA256

      b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539

    • SHA512

      f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361

    • SSDEEP

      12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN

    Score
    3/10

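The behaviour signatures reported above for the main target (location check, Uninstall-key enumeration, BHO registration, System32 drop, browser-profile read) can be reproduced as simple rules over a process/registry/file event log, which is how an analyst would confirm them against their own sandbox or EDR telemetry. The Python below is an added example written for this page, not the sandbox's own detection code. The pipe-separated log format, the process names, the null CLSID and every file path in SAMPLE_LOG are constructed placeholders and assumptions, not observations taken from this report; only the registry locations (Geo\Nation, the Uninstall key, the Browser Helper Objects key, CLSID\...\InprocServer32) are real Windows paths.

```python
"""Re-implementation of the sandbox signatures above as rules over an event log.
Added example for this page; log format, process names, CLSID and file paths are
constructed placeholders, not data from the report."""
import re
from collections import defaultdict

# Constructed sample log: "process|operation|path|detail" (detail may be empty).
SAMPLE_LOG = """\
sample.exe|RegQueryValue|HKCU\\Control Panel\\International\\Geo\\Nation|
sample.exe|RegEnumKey|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall|
sample.exe|RegOpenKey|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Some Product|
sample.exe|CreateFile|C:\\Windows\\System32\\example_bho.dll|
sample.exe|RegSetValue|HKLM\\SOFTWARE\\Classes\\CLSID\\{00000000-0000-0000-0000-000000000000}\\InprocServer32\\(Default)|C:\\Windows\\System32\\example_bho.dll
sample.exe|RegCreateKey|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{00000000-0000-0000-0000-000000000000}|
sample.exe|ReadFile|C:\\Users\\user\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\x.default\\logins.json|
explorer.exe|RegQueryValue|HKCU\\Control Panel\\International\\Geo\\Nation|
"""

CLSID = r"\{[0-9A-Fa-f-]{36}\}"  # {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}

# (signature name as the report prints it, operations that count, path pattern)
RULES = [
    ("Checks computer location settings", {"RegQueryValue", "RegOpenKey"},
     re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
    ("Checks installed software on the system", {"RegEnumKey", "RegOpenKey"},
     re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.I)),
    ("Installs/modifies Browser Helper Object", {"RegCreateKey", "RegSetValue"},
     re.compile(r"\\Explorer\\Browser Helper Objects\\" + CLSID, re.I)),
    ("Drops file in System32 directory", {"CreateFile", "WriteFile"},
     re.compile(r"^[A-Z]:\\Windows\\System32\\[^\\]+$", re.I)),
    ("Reads user/profile data of web browsers", {"ReadFile"},
     # Firefox logins.json/key4.db/cookies.sqlite, Chromium "Login Data"
     re.compile(r"\\(Login Data|logins\.json|key4\.db|cookies\.sqlite)$", re.I)),
]


def parse(log):
    """Yield (process, operation, path, detail) tuples; detail defaults to ''."""
    for line in log.splitlines():
        if not line.strip():
            continue
        proc, op, path, detail = (line.split("|", 3) + [""])[:4]
        yield proc, op, path, detail


def match_signatures(log):
    """Return {process: {signature: [matching paths]}} for every rule hit.

    Hits are kept per process so a benign reader of Geo\\Nation (explorer.exe in
    the sample) is visible but not conflated with the sample's own activity."""
    hits = defaultdict(lambda: defaultdict(list))
    for proc, op, path, _ in parse(log):
        for name, ops, pattern in RULES:
            if op in ops and pattern.search(path):
                hits[proc][name].append(path)
    return {proc: dict(sigs) for proc, sigs in hits.items()}


def resolve_bho_dlls(log):
    """Map each CLSID registered under Browser Helper Objects to the DLL path
    written to its CLSID\\...\\InprocServer32 default value, so the analyst can
    go straight from the registry artefact to the file to hash and pull."""
    inproc, bho_clsids = {}, set()
    inproc_re = re.compile(r"\\CLSID\\(" + CLSID + r")\\InprocServer32\\\(Default\)$", re.I)
    bho_re = re.compile(r"\\Browser Helper Objects\\(" + CLSID + r")", re.I)
    for _, op, path, detail in parse(log):
        m = inproc_re.search(path)
        if m and op == "RegSetValue":
            inproc[m.group(1).lower()] = detail
        m = bho_re.search(path)
        if m and op in ("RegCreateKey", "RegSetValue"):
            bho_clsids.add(m.group(1).lower())
    return {c: inproc.get(c, "<InprocServer32 not set in log>") for c in sorted(bho_clsids)}


if __name__ == "__main__":
    for proc, sigs in match_signatures(SAMPLE_LOG).items():
        print(proc)
        for name, paths in sigs.items():
            print(f"  [{name}]")
            for p in paths:
                print(f"    {p}")
    print("BHO DLLs:", resolve_bho_dlls(SAMPLE_LOG))
```

The rules are deliberately narrow (exact value names, explicit operations) so that a single hit is meaningful; in a real investigation the next step is to hash the DLL that `resolve_bho_dlls` points at and compare it with the SHA256 values listed for ie/MediaWatchV1home866.dll and $PLUGINSDIR/aminsis.dll above.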
MITRE ATT&CK Enterprise v15

Tasks