General

  • Target

    65f8d3fb1baaf1431a715998885ea08c_JaffaCakes118

  • Size

    634KB

  • Sample

    241021-h8staavclb

  • MD5

    65f8d3fb1baaf1431a715998885ea08c

  • SHA1

    f8b1cedff80e91c69050ba1d98c0ac7bdec1a472

  • SHA256

    7f7b3dbd163736a5ec869920d47e17d0b47e64271a353e5e9b12062d276fdfe7

  • SHA512

    921c68a8199394aa0cc21dbb146e52e9e10957d99d1270ba2b953e242615d278b074429d2d7eb39d4ac4474be814dba45551f4b3966b0815f788c94bf8b60718

  • SSDEEP

    12288:pZbIu70G4GjeZHkwuPikQ7lKH5p5H9x1weZHkwuLiDQTlKJ5p+xWlfL:pZb50G4GjeZEXi37l6Br1weZEjiMTlm5

Targets

    • Target

      65f8d3fb1baaf1431a715998885ea08c_JaffaCakes118

    • Size

      634KB

    • MD5

      65f8d3fb1baaf1431a715998885ea08c

    • SHA1

      f8b1cedff80e91c69050ba1d98c0ac7bdec1a472

    • SHA256

      7f7b3dbd163736a5ec869920d47e17d0b47e64271a353e5e9b12062d276fdfe7

    • SHA512

      921c68a8199394aa0cc21dbb146e52e9e10957d99d1270ba2b953e242615d278b074429d2d7eb39d4ac4474be814dba45551f4b3966b0815f788c94bf8b60718

    • SSDEEP

      12288:pZbIu70G4GjeZHkwuPikQ7lKH5p5H9x1weZHkwuLiDQTlKJ5p+xWlfL:pZb50G4GjeZEXi37l6Br1weZEjiMTlm5

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution by the victim's locale.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Reads browser user/profile data, which can include saved credentials, cookies and browsing history; infostealers commonly harvest this data.

    • Checks installed software on the system

      Looks up entries under the registry's Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate the software installed on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that Internet Explorer loads into every browser process as plug-ins; they are registered by CLSID under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects and can observe and modify the user's browsing.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      559KB

    • MD5

      51ba1095f0ae45a2d444bea506cb9ad4

    • SHA1

      038a5d53d055a6d440bd2c8864c2f51db206c5e5

    • SHA256

      b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539

    • SHA512

      f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361

    • SSDEEP

      12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN

    Score
    3/10
    • Target

      ffMediaWatchV1home2606chaction.js

    • Size

      834B

    • MD5

      7dab90c10d9e85dd5e50104abe9b50e8

    • SHA1

      d1abe6bb15301ad5196e10519c20d398ac9e0fa8

    • SHA256

      ad18590cdd03dbfe3ad57fcabefb0e56cd133ab4458d5b8c258e496287a14016

    • SHA512

      46d9c2460e3f7af655e986ac5b12ae949be4ece2c9413886ac43688aeedddea8d4df7235339cafb0df540524e77a8e0bacc88e353b8583873455f616ea16227d

    Score
    3/10
    • Target

      ff/chrome/content/ffMediaWatchV1home2606.js

    • Size

      747B

    • MD5

      1d305e29170025f5715100ed253c2873

    • SHA1

      eedb13207905721c30ee7e6e8900e5123bc4be2e

    • SHA256

      edcdc0dbe37f40a33366575a1c8a99b51057279e5c244bb5054502cc445f77eb

    • SHA512

      44ecee09d03046bde231a806cda9d19f981a4f785f4f8bf70fe92bc0e516b570fc47fe6a71275dcb3e83513b9c7e71e8ad9c8bbeb680aa8764af6cb79de4dd57

    Score
    3/10
    • Target

      ff/chrome/content/ffMediaWatchV1home2606ffaction.js

    • Size

      678B

    • MD5

      b113875c2779a239bb5cf6df158b8ea8

    • SHA1

      12a0ecdf4e71d8a4145382a56050116ada3a62b6

    • SHA256

      61a40c46ee35bedafbbc1be192b85777b1d4964d3b9e84516a393a301f1d7d83

    • SHA512

      66ece2cb70c0a800ba458e7d4b6997d39279d59e2a674f116d3899017955a155e08b73e4a429a8354ef21deef1492e3dd8f496f6f8843483d687680f18966ffc

    Score
    3/10
    • Target

      ie/MediaWatchV1home2606.dll

    • Size

      85KB

    • MD5

      513e48fd87f7e38b730e34a784c1c61f

    • SHA1

      46bbeac3d1d4fdbd67762e9e5d6023d5e03324dd

    • SHA256

      6ca2c45789308c3c60c06bb353f09ed223e715332906219dd561001c9f93d379

    • SHA512

      e44fc2ab345bbf31786675255a83a9bbfbfd30bb76d325528167a1557096b06498e04a645032e4b5b7ade797897ee862f88fbcf0edf47d09336e20166e8f7d94

    • SSDEEP

      1536:e8/1CsEmka04RhRtahrOb8DkhWeVHA9glQMrIh:p12mka0ElahrOpVguaMrI

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that Internet Explorer loads into every browser process as plug-ins; they are registered by CLSID under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects and can observe and modify the user's browsing.

    • Target

      uninstall.exe

    • Size

      285KB

    • MD5

      aa79eb6140e05b8eecf2e24ac9b9f746

    • SHA1

      f1508121aa90f0777bb9c51ad20b96f16a41de51

    • SHA256

      88b3bfcd44c4172e0326e8a531cb7095aaeac50b6a00f801365b9c0e49c02380

    • SHA512

      82b04de19a2bf75cbff7d76ee6d8af1ec3e4f0e1631c2dec0ad49fe1a83646598ae43374614bc793575eefcc6b434ca7918fe18b6faa55ccf4255db00b299487

    • SSDEEP

      6144:Ee3465peZH+zpyuuz6GZkDOJ/7OafSH5KmrWym09x1s:b/eZHkwuPikQ7lKH5p5H9x1s

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Reads browser user/profile data, which can include saved credentials, cookies and browsing history; infostealers commonly harvest this data.

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      559KB

    • MD5

      51ba1095f0ae45a2d444bea506cb9ad4

    • SHA1

      038a5d53d055a6d440bd2c8864c2f51db206c5e5

    • SHA256

      b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539

    • SHA512

      f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361

    • SSDEEP

      12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN

    Score
    3/10
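
As an added hunting example (not part of this report and not code from the sample), the following PowerShell script checks a Windows host for the three registry-backed behaviours flagged above for the installer and for ie/MediaWatchV1home2606.dll: registered Browser Helper Objects, Uninstall entries, and the configured country code. It hashes every BHO DLL it finds and compares the SHA256 with the values listed in this report. Assumptions: it runs elevated in Windows PowerShell 5.1 or later; the registry locations are the standard ones for these artefacts and are not locations confirmed from the sample; the 'MediaWatch' display-name filter is a guess derived from the dropped file names.

```powershell
# Added hunting example; not code from the sandbox report or from the sample.
# Assumes an elevated Windows PowerShell 5.1+ session. The registry paths are
# the standard locations for these artefacts (assumption, not taken from the sample).

# SHA256 values copied from the report above, keyed to the file they identify.
$KnownBad = @{
    '7f7b3dbd163736a5ec869920d47e17d0b47e64271a353e5e9b12062d276fdfe7' = '65f8d3fb1baaf1431a715998885ea08c_JaffaCakes118 (installer)'
    'b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539' = '$PLUGINSDIR/aminsis.dll'
    '6ca2c45789308c3c60c06bb353f09ed223e715332906219dd561001c9f93d379' = 'ie/MediaWatchV1home2606.dll (BHO)'
    '88b3bfcd44c4172e0326e8a531cb7095aaeac50b6a00f801365b9c0e49c02380' = 'uninstall.exe'
}

function Get-FileVerdict {
    # Hash a file and label it when its SHA256 matches one of the report's IOCs.
    param([string]$Path)
    if (-not $Path -or -not (Test-Path -LiteralPath $Path)) { return 'file missing' }
    $hash = (Get-FileHash -Algorithm SHA256 -LiteralPath $Path).Hash.ToLower()
    if ($KnownBad.ContainsKey($hash)) { return "MATCH: $($KnownBad[$hash])" }
    return "unknown ($hash)"
}

function Get-RegisteredBho {
    # Every BHO is a CLSID subkey under the Browser Helper Objects key; IE loads
    # the DLL named by that CLSID's InProcServer32 default value into each
    # browser process. 32-bit registrations on 64-bit Windows sit under WOW6432Node.
    $bhoRoots = @(
        @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects';             Clsid = 'Registry::HKEY_CLASSES_ROOT\CLSID' },
        @{ Key = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'; Clsid = 'Registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID' }
    )
    foreach ($root in $bhoRoots) {
        if (-not (Test-Path $root.Key)) { continue }
        foreach ($entry in Get-ChildItem -Path $root.Key) {
            $clsid  = $entry.PSChildName
            $server = Get-ItemProperty -Path "$($root.Clsid)\$clsid\InProcServer32" -ErrorAction SilentlyContinue
            $dll    = $null
            if ($server -and $server.'(default)') {
                $dll = [Environment]::ExpandEnvironmentVariables($server.'(default)')
            }
            [pscustomobject]@{
                CLSID   = $clsid
                Dll     = $dll
                Verdict = Get-FileVerdict -Path $dll
            }
        }
    }
}

function Get-SuspiciousUninstallEntry {
    # The "Checks installed software" behaviour reads these Uninstall keys; an
    # installer that registers its own uninstall.exe lands here too. The
    # 'MediaWatch' pattern is a guess from the dropped file names (assumption).
    param([string]$NamePattern = 'MediaWatch')
    $uninstallRoots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
    )
    foreach ($root in $uninstallRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($entry in Get-ChildItem -Path $root) {
            $p = Get-ItemProperty -Path $entry.PSPath
            if ($p.DisplayName -and $p.DisplayName -match $NamePattern) {
                [pscustomobject]@{
                    Key             = $entry.PSChildName
                    DisplayName     = $p.DisplayName
                    UninstallString = $p.UninstallString
                }
            }
        }
    }
}

function Get-ConfiguredCountry {
    # The geofence check reads the user's configured location; the GeoID is the
    # Nation value under HKCU\Control Panel\International\Geo (assumed location).
    $geo = Get-ItemProperty -Path 'HKCU:\Control Panel\International\Geo' -ErrorAction SilentlyContinue
    [pscustomobject]@{ GeoId = $geo.Nation; Name = $geo.Name }
}

# Usage: run the three checks and print the results.
Get-ConfiguredCountry
Get-RegisteredBho | Format-Table -AutoSize
Get-SuspiciousUninstallEntry | Format-Table -AutoSize
```

Legitimate BHOs will show a Verdict of "unknown" with their hash, so triage those by hash and vendor rather than treating every entry as hostile; a BHO whose DLL is missing on disk is itself worth a look, since an uninstaller that removed the file but not the CLSID registration leaves exactly that trace.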
