General

  • Target

    664c42bf0e2cc2176217f3e2182db399_JaffaCakes118

  • Size

    634KB

  • Sample

    241021-lfsjlazfnl

  • MD5

    664c42bf0e2cc2176217f3e2182db399

  • SHA1

    47b2b9ec3d84ac4860035f3e3626069b3289d630

  • SHA256

    99f10d54a651ca8c96ab99a74bf195436559891fb970adb1a6c3012f0fdc64c4

  • SHA512

    5cc7a211edff788f027f91d5f51b9b35fa9c76b91d004318817d0b6b977fe02731a669227f98384557b726986afbfabf07574c3d7cdcbf999ad240ac95461c28

  • SSDEEP

    12288:uq4ueNXG4GjeZHkwuPikQ7lKH5p5H9x1SeZHkwuTiBQVlKz5p9xl/lfr:u8e9G4GjeZEXi37l6Br1SeZELiGVls15

Targets

    • Target

      664c42bf0e2cc2176217f3e2182db399_JaffaCakes118

    • Size

      634KB

    • MD5

      664c42bf0e2cc2176217f3e2182db399

    • SHA1

      47b2b9ec3d84ac4860035f3e3626069b3289d630

    • SHA256

      99f10d54a651ca8c96ab99a74bf195436559891fb970adb1a6c3012f0fdc64c4

    • SHA512

      5cc7a211edff788f027f91d5f51b9b35fa9c76b91d004318817d0b6b977fe02731a669227f98384557b726986afbfabf07574c3d7cdcbf999ad240ac95461c28

    • SSDEEP

      12288:uq4ueNXG4GjeZHkwuPikQ7lKH5p5H9x1SeZHkwuTiBQVlKz5p9xl/lfr:u8e9G4GjeZEXi37l6Br1SeZELiGVls15

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      559KB

    • MD5

      51ba1095f0ae45a2d444bea506cb9ad4

    • SHA1

      038a5d53d055a6d440bd2c8864c2f51db206c5e5

    • SHA256

      b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539

    • SHA512

      f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361

    • SSDEEP

      12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN

    • Score

      3/10

    • Target

      ffMediaWatchV1home299chaction.js

    • Size

      829B

    • MD5

      e488f283799633d3b5e368b261cd6a45

    • SHA1

      eef451c35ee3e98f301ef66cdfa8b8b8e967c23b

    • SHA256

      78a916d145f88ea708f37fc30f77f2a6f828f48e4690f5b117dfa293dca9fecd

    • SHA512

      1c4d30fcb4eac4bbba087104291a1e9a3674a822a74464c07030ec41e28bdcfa956e00c24664d38f7c73ebd48c196dff2f34902f7163e1b3e6d6a58ac6a0957d

    • Score

      3/10

    • Target

      ff/chrome/content/ffMediaWatchV1home299.js

    • Size

      744B

    • MD5

      18835e51680170f04a0912b8501dc780

    • SHA1

      35b33f42cbb0687dbebedb8d6b39ed934fa42357

    • SHA256

      7b9e6a2ddcbba2b93f9420b6ea97e8ef0f6af8601350fc9584bb171156a7e78c

    • SHA512

      5720b332dd9e2fdbbebdbb63e40900ab8083497e5a51f3d6fb94a89b69dee2f7efc6d39fdf6404c171bd9056f30b76115b62f4c623df284b48351bf3c546e38d

    • Score

      3/10

    • Target

      ff/chrome/content/ffMediaWatchV1home299ffaction.js

    • Size

      674B

    • MD5

      5a39026b7025b0b4de06532a60f1e9db

    • SHA1

      41ceb40a4c9c52fe9897ccfa3accc3e3a7d690ca

    • SHA256

      21f592cf0683a3759d7122020d2d59b155a295ddad12e78f633cda0d3bedcb9f

    • SHA512

      b9d494f2deff95873a9ab8a27c25f053434cadc61909d88a4d0b0bb61ffa374ee4bb34c8af3b8b92ec513c58a40724e4f472623288cf2255d03075ebd573a79f

    • Score

      3/10

    • Target

      ie/MediaWatchV1home299.dll

    • Size

      85KB

    • MD5

      6fa93ab6264b0ffa5e7579972ef7384a

    • SHA1

      cbd71315e840cb1d1408a1b55aea02dedef637d7

    • SHA256

      0688d2237b7945192a01fa91043fca6c0b89231d689458869dbbadb122f64639

    • SHA512

      1fb6289dabd0a26253fc4c1984e12be55bd141dacd1183e65e24a2362914f18dafceb898eda3e2626a3571dfc7f8d48e09d40c577a00bc3895f3911874b6fb29

    • SSDEEP

      1536:wn/1CsEmkaMAvtahrOb8Dktp+HA9glQaf+gN:k12mkaMAlahrOp+guaafX

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target

      uninstall.exe

    • Size

      285KB

    • MD5

      26eb316f716620556cb40c4ee6427d19

    • SHA1

      502f9078f863f9e9e1b62bd708be63a1883b3afa

    • SHA256

      f8163ae9d4586db7a8c0c0f2ac1123d92b63c04948b0e9b2974462460d7f574a

    • SHA512

      25984b788ee70c4d0b6a23fa4663ed284546145c8b1f677ee1412cb3d962b3f8eec45406ec2d19120f9308e672abf2371bfc603ad2ec93fcc0bb2fcf613196e9

    • SSDEEP

      6144:Ee34NMpeZH+zpyuuz6GZkDOJ/7OafSH5KmrWym09x11:YQeZHkwuPikQ7lKH5p5H9x11

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      559KB

    • MD5

      51ba1095f0ae45a2d444bea506cb9ad4

    • SHA1

      038a5d53d055a6d440bd2c8864c2f51db206c5e5

    • SHA256

      b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539

    • SHA512

      f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361

    • SSDEEP

      12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN

    • Score

      3/10
