General

  • Target

    66d40c5a35a707bb69872cea946182c5_JaffaCakes118

  • Size

    689KB

  • Sample

    241021-ql4k9sverg

  • MD5

    66d40c5a35a707bb69872cea946182c5

  • SHA1

    a3d159336681dd796b049126116c2a64d96e719f

  • SHA256

    2d4ab6858aaea34108f13d276a0c6de0b784f4e8c451f344c552dd2e739db949

  • SHA512

    e7a607631058a08ff5433c3cf70ec33174c3915ffa1bcf4440ce422da0a579685dcf3ee2e8c28505aa1733876d72651171dc7ad5c65f7473ad3e3affb428d4ad

  • SSDEEP

    12288:dgMCqHxEJ/BG4G4Y7jeKuVnvon+N83LwwiAn6KkM33nxD9jeKuVcvrD+N8yLwwi0:dgM9xENBG4G37tUnvone83Z76bMHxRte

Malware Config

Targets

    • Target

      66d40c5a35a707bb69872cea946182c5_JaffaCakes118

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score: 3/10

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      f346047b13f37f79c462e59a6319faa1

    • SHA1

      ce9e7cb9719000a69b463fe024c81229e322279f

    • SHA256

      e78e0e61707cabec8383f1e74da9db8e0fa123a3a7b36f0080d70fbaed6f7453

    • SHA512

      429209cc489ba9ac2d62055b128efb3cded3e31f966c7cdb1aee592ec7a54ab090526705fa2519498d92eb4bc2efa141cd83adc6c251b793388ad1208b172167

    • SSDEEP

      12288:w/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9G/uf:vGnSkWh4G1ppgH81vrBu3MHOGUKfG/

    Score: 3/10

    • Target

      ffTrustMediaViewerV1alpha3700chaction.js

    • Size

      869B

    • MD5

      0a2cf0bc79517ac9a434c70b76d364a7

    • SHA1

      14c4731e53a5ddcc270dd06f3eb3b1ce064b199f

    • SHA256

      35418a33cea1568a69eabf71ec5f67efff8425e2b8e66deb1fad998dc2e66d57

    • SHA512

      2f53dd5aa4d4bc53565e211ada04f4bea85580a9b59cd4447a5f3004ff684ed193560da2db81db7c218d0f7e834f300b68b82f386c1c36888f5f377c6ac2b4ab

    Score: 3/10

    • Target

      ff/chrome/content/ffTrustMediaViewerV1alpha3700.js

    • Size

      768B

    • MD5

      ce321112b170941179a56c31e74b3500

    • SHA1

      df23b63600e63d6ff093c3e7dbe797289cfc7b61

    • SHA256

      294e690b3795db785168251d91795fbffb1d5b29365c07954656c1daf08fb8f2

    • SHA512

      09b7166d6ce36c4d6b5bdee14a340970a19cbaab2bee28c744b0d8649b92e00e5cd0aaf970aac3ff863daa524519534d5cd400319cca7dbb9b3d92fef0861cf3

    Score: 3/10

    • Target

      ff/chrome/content/ffTrustMediaViewerV1alpha3700ffaction.js

    • Size

      706B

    • MD5

      e3365d03764757648c477feee7f0d605

    • SHA1

      2dadd5dedff2cdd5a15c9416dabef096300909c4

    • SHA256

      84de82864504e682a19e27a27b5d3e57d0a2e86f4bcb555c1b62b2ad6cc2282f

    • SHA512

      7ad996a8dd8f5d666003d77e324d211fe1629570791512c66dd68bebb6e6fe3d127f72c6412974b3596d8b3d05977930fffc7a8426154bbd78185ae14d2359e1

    Score: 3/10

    • Target

      ie/TrustMediaViewerV1alpha3700.dll

    • Size

      85KB

    • MD5

      af58875644622d1eed04eb3033e2ef06

    • SHA1

      9ffa1143bc61a0b4cd385ddc190d7687bf158770

    • SHA256

      2c027487275fcb894a2ac54a905b8de81d1d85aa8d69e78e7f4f18260126c114

    • SHA512

      f8a275c2784f7d99066dcc6c4af777a654ff8e6b0a899f3d3351bde5341677c04d5a7c4757ae8dd708f32d5b4b4da59e5e52ff2f20e723f48c3bdf01319ead9f

    • SSDEEP

      1536:wpMGCsQis4EnvtKx+kNp8Dkhy518DOslQTfAjlx:tGais4EnlKx+kNhy5uDraTfAj

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target

      ie/TrustMediaViewerV1alpha3700x64.dll

    • Size

      100KB

    • MD5

      5604fe61065a91cc3318a663f4a8c3bd

    • SHA1

      e3f50c91b0f66323364fc8ebfc049c21820785ef

    • SHA256

      669b69b413a8d868fe575d25a729a70abed11560fd4ca0c66cdb033918ad8116

    • SHA512

      2a35c8b55ec5fa7cda4cbbf8d98831e0be03af97522fa216395f7c446d166fc1772bb3b29643cf154c7078cfde80b90b8cdf8af273ff93639510a9050c802442

    • SSDEEP

      3072:zBjCnTZPzGSRzBHsQnTfGNAjXOSWfzQBT+LF9mj:zNCnTZPzGAlHdTONAjTYvm

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target

      uninstall.exe

    • Size

      295KB

    • MD5

      33bacce234a66d7bf8ac5aa50f73d857

    • SHA1

      5083ec2179b37abf8787db8f3431351c40382817

    • SHA256

      9c62399696dc3bbd97b289141ecbac87235fa6c5774cb688b4df4d5ad0e9a546

    • SHA512

      09e0d475ee4723a4ae8857715edf73c6b66b93ad5114bc0b4f6f0631648f91287f3a0664efac0abedcc12d4df0c3b1b906d3a0107191689edf369cdeb6968c61

    • SSDEEP

      6144:Ee34ecjKTK0HVkUEYA2q5NbrWN83gQwwDuzMn6yDkvE39kojTxDtEx:XcjeKuVnvon+N83LwwiAn6KkM33nxDk

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Enterprise v15

Tasks

Task          Tags                                                                    Score
static1       -                                                                       3/10
behavioral1   adware, discovery, persistence, privilege_escalation, spyware, stealer  7/10
behavioral2   adware, discovery, persistence, privilege_escalation, spyware, stealer  7/10
behavioral3   discovery                                                               3/10
behavioral4   discovery                                                               3/10
behavioral5   discovery                                                               3/10
behavioral6   discovery                                                               3/10
behavioral7   execution                                                               3/10
behavioral8   execution                                                               3/10
behavioral9   execution                                                               3/10
behavioral10  execution                                                               3/10
behavioral11  execution                                                               3/10
behavioral12  execution                                                               3/10
behavioral13  adware, discovery, stealer                                              6/10
behavioral14  adware, discovery, stealer                                              6/10
behavioral15  adware, persistence, privilege_escalation, stealer                      7/10
behavioral16  adware, persistence, privilege_escalation, stealer                      7/10
behavioral17  discovery, spyware, stealer                                             7/10
behavioral18  discovery, spyware, stealer                                             7/10
behavioral19  discovery                                                               3/10
behavioral20  discovery                                                               3/10
behavioral21  discovery                                                               3/10
behavioral22  discovery                                                               3/10