81def15975007162ff65c1e9804e77f0e21adacc8a50717f99a18c5284c0e274

Sharing

Copy URL Twitter E-mail

General

Target

56a9f590e1ce54215025e77d7c628d64_JaffaCakes118
Size

657KB
Sample

241018-leyzzsyhme
MD5

56a9f590e1ce54215025e77d7c628d64
SHA1

48ec63d0e70181539c285ec0856ec25923ad71e3
SHA256

81def15975007162ff65c1e9804e77f0e21adacc8a50717f99a18c5284c0e274
SHA512

74405f245123e196aeb04d0b55b08ea5da8beaebfcb1cd9412f71c4474d52b1004dd1d249a6dea07720f8a2aaeec3cb5250304aa34cf0f6df43dbb297260f0af
SSDEEP

12288:OIS4RYk2HG4GQTq4OaQQTYJ8eP4/L5uO7D3f5Btq4KaZQTmJ8ePt/B5uO7HApLz0:OQXMG4GQm4OaHYJ8eP4D5uOHBBQ4KaIU

Score

7^/10

Malware Config

Targets

- Target
  
  56a9f590e1ce54215025e77d7c628d64_JaffaCakes118
- Size
  
  657KB
- MD5
  
  56a9f590e1ce54215025e77d7c628d64
- SHA1
  
  48ec63d0e70181539c285ec0856ec25923ad71e3
- SHA256
  
  81def15975007162ff65c1e9804e77f0e21adacc8a50717f99a18c5284c0e274
- SHA512
  
  74405f245123e196aeb04d0b55b08ea5da8beaebfcb1cd9412f71c4474d52b1004dd1d249a6dea07720f8a2aaeec3cb5250304aa34cf0f6df43dbb297260f0af
- SSDEEP
  
  12288:OIS4RYk2HG4GQTq4OaQQTYJ8eP4/L5uO7D3f5Btq4KaZQTmJ8ePt/B5uO7HApLz0:OQXMG4GQm4OaHYJ8eP4D5uOHBBQ4KaIU
Score

7^/10

adware discovery spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/aminsis.dll
- Size
  
  567KB
- MD5
  
  450753ad96785a240a39deccab3af0d0
- SHA1
  
  21c544064d2ffa6444508268ce258a330d459fc5
- SHA256
  
  1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3
- SHA512
  
  c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab
- SSDEEP
  
  12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  ffRichMediaViewV1release773chaction.js
- Size
  
  859B
- MD5
  
  7a2353b1ede376986ac0e2505c310869
- SHA1
  
  7314dd20edfdfc3c9d0fedef93734e32a2bab99b
- SHA256
  
  3c1cfb8a7625e53f55d2fdf5b80ee18ccbba4fdb7883b85ae44a44ab5f4a95a8
- SHA512
  
  e063263db972b21070366aa91ea79f6f7b610a134564dba55d3df459e0e87e3b04391fe02ff826aaf528b1566088de9d5d1edadd38c26c3539ef8a05d1a106fc
Score

3^/10

execution
behavioral5 behavioral6
- Target
  
  ff/chrome/content/ffRichMediaViewV1release773.js
- Size
  
  762B
- MD5
  
  c443d627f3753f1e07af1810312920ed
- SHA1
  
  b0d1baa0ca45b31df7ea00b0e65972612de20ac0
- SHA256
  
  d226bef401c0d4a5157816ecf9510d94211a6aacc272a1a55e6e545a34ff9284
- SHA512
  
  eb01bd895d5f78f934ef3ae1e3bf57b637aec3be2fa8802989ad111f350b6bc0ad30af33bdabde182ca852467a48d34dcd1f293bb6758f4265043ec224a0e870
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  ff/chrome/content/ffRichMediaViewV1release773ffaction.js
- Size
  
  698B
- MD5
  
  33d0f0dae422aeffe9d2426a33854a90
- SHA1
  
  f7727fe2bbfdf66221ba75d0e41770436e12880c
- SHA256
  
  4b79998209f00987f24be3186a3a61c33d7f0e3aee2bad430b807036fb9a28f7
- SHA512
  
  3cb928311b100cc3c9df6d28131194c5a10a34d49d0788cdacf9baf5f9a5cd3aa89ffe2ab8547f828e8006d6f18ec6168b7ebeb145f453fdb6885dc20c01d175
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  ie/RichMediaViewV1release773.dll
- Size
  
  85KB
- MD5
  
  03342e55b911e7375609bc5ed2681d44
- SHA1
  
  5de9642ca3dca454fe167cc097a348975b1b6a08
- SHA256
  
  f357146d46bc1c5bb797ee5e9be7d9f9ce2688d11d4ff515d11c8c0732629e73
- SHA512
  
  f4feb85da4b69c8871f16a87f53dd48c109235bc1138c307c99c2060cd259ef041f4061cd8d6c7cb00637bb031c6135a15b711e041eff8c1335ed1cdab618b9e
- SSDEEP
  
  1536:Dkf9Csc+EE7Msd5N60GlVk8jkrwrOnqLhPLlQtFldBZ:E9++EEwsJ6FlVrOnmatFlt
Score

6^/10

adware discovery stealer
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral11 behavioral12
- Target
  
  uninstall.exe
- Size
  
  289KB
- MD5
  
  26558c2ecae4ebfa87c68e3cf253eac2
- SHA1
  
  96ed265acfa385dd6a71928f731e55c8a37fbbfc
- SHA256
  
  b13d1bfd00c1a9960969e734c4eb7cf33c24c22eb0a5760576208b6eae7cd781
- SHA512
  
  eb81546bb299fd796ec852f33186e9febc6cc708a7907a6549954ef80aa46f9167f7ee1bf75399af3bb6bfc7f42083e7700f400f1990f7de10f743873a93ceb2
- SSDEEP
  
  6144:Ue34NpRg4l8ai5PQtTZ763J8eWW43YLYjn5uO7D32fuCa7Bm/:gpq4OaQQTYJ8eP4/L5uO7D3f5BC
Score

7^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/aminsis.dll
- Size
  
  567KB
- MD5
  
  450753ad96785a240a39deccab3af0d0
- SHA1
  
  21c544064d2ffa6444508268ce258a330d459fc5
- SHA256
  
  1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3
- SHA512
  
  c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab
- SSDEEP
  
  12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU
Score

3^/10

discovery
behavioral15 behavioral16