General

  • Target

    8a5461c282a0bc262779d6b2625cb17e_JaffaCakes118

  • Size

    657KB

  • Sample

    241103-jg2sjsygmp

  • MD5

    8a5461c282a0bc262779d6b2625cb17e

  • SHA1

    b23751542e6fa77efb155e62b63f53cb45d6d1be

  • SHA256

    fe2affe598f41fd5371f82cd80e58fa2b1f9e956897cfbd1164490284c11affb

  • SHA512

    f55c2e8ea6322d5bc316e5ed8a7f55ccde9d931dcc7454e322cbb6b8fa5705e7664181cfed22da924c1dbc2dc52773f919a81447da9a8507a61d81ec80c61090

  • SSDEEP

    12288:Ph3EzVUAfG4GQTq4OaQQTYJ8eP4/L5uO7D3f5BUq4ca7QTgJ8ePN/P5uO7GLvHf3:Ph3E7G4GQm4OaHYJ8eP4D5uOHBBJ4caa

Malware Config

Targets

    • Target

      8a5461c282a0bc262779d6b2625cb17e_JaffaCakes118

    • Size

      657KB

    • MD5

      8a5461c282a0bc262779d6b2625cb17e

    • SHA1

      b23751542e6fa77efb155e62b63f53cb45d6d1be

    • SHA256

      fe2affe598f41fd5371f82cd80e58fa2b1f9e956897cfbd1164490284c11affb

    • SHA512

      f55c2e8ea6322d5bc316e5ed8a7f55ccde9d931dcc7454e322cbb6b8fa5705e7664181cfed22da924c1dbc2dc52773f919a81447da9a8507a61d81ec80c61090

    • SSDEEP

      12288:Ph3EzVUAfG4GQTq4OaQQTYJ8eP4/L5uO7D3f5BUq4ca7QTgJ8ePN/P5uO7GLvHf3:Ph3E7G4GQm4OaHYJ8eP4D5uOHBBJ4caa

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      450753ad96785a240a39deccab3af0d0

    • SHA1

      21c544064d2ffa6444508268ce258a330d459fc5

    • SHA256

      1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3

    • SHA512

      c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab

    • SSDEEP

      12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU

    • Score

      3/10

    • Target

      ffRichMediaViewV1release41chaction.js

    • Size

      854B

    • MD5

      434f7e1954ea6689e39a17b855f7c3e2

    • SHA1

      354f2c5d22a944cdc79e7d397edb6039270027f4

    • SHA256

      e0e81ef01815d35b520ffe9fd697665f0d143997e9601e27aa639060630a69fb

    • SHA512

      ce0de36741ce3c65d2e0e35c1dcb1855b7a95a6e1fa705e89688e5f626b7ef570af3e25e09d5a7e4ecce668bef791bff2e2102b2ef4a93cbd3ab34325f3ddc92

    • Score

      3/10

    • Target

      ff/chrome/content/ffRichMediaViewV1release41.js

    • Size

      759B

    • MD5

      0dd8f41d112fd5e7e957069340e00a38

    • SHA1

      e3b91c7fd39e761569911fd80ce6788964a0c7f2

    • SHA256

      482bf9e3c18e573c703c949e51b54f16fa35b1526a767d1ed96254b65b8586cb

    • SHA512

      acdae787ec175f9e03e33d5dddf18339bb8e9b7f8a445093f1205f90035fd533055f5d91e4bdc85b167bc14785937fc54f9239b2264da0bfdb11adbf3e782de9

    • Score

      3/10

    • Target

      ff/chrome/content/ffRichMediaViewV1release41ffaction.js

    • Size

      694B

    • MD5

      c82daa857020dfab33d9f55cd8eba3ba

    • SHA1

      f2552eaf7fdf4a05c517f9f268493af62c8cc1bd

    • SHA256

      1e56ddd71666bbba4abaa526d8ec111d437ee8514c3adcb4c25a20f0e280ec59

    • SHA512

      61c9aaab6367776042321cdf0ef18a1fcafae8148af290a01cd40b3097bc5fe74466f1a2cae22d51974cf39e0a9aeafa950c8a84118dfc4b8800868d4ce417e4

    • Score

      3/10

    • Target

      ie/RichMediaViewV1release41.dll

    • Size

      85KB

    • MD5

      f66e5afa3a292fc969e47de78a4db4ff

    • SHA1

      4278af774fb9a332237daeed49c1c2e700151955

    • SHA256

      5c29570992e2dd5f6b5c56d3717d3b811f7ec4c487aec16b4ce04b2d5b260010

    • SHA512

      6522256913444ac587625f7606ef25974f4dfc8bfdc8d51d3f3621b7d1a14755825092b57d0f2e0dbee37ca77ae15242ed68cf8a6bff86e730725577ca19a8ae

    • SSDEEP

      1536:Lc/9Cs8ekkcEDtqJ6Zk8DkOZxnLlQcpzUpY:U9eekkcEJqJ6ZbZxLacpzn

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target

      uninstall.exe

    • Size

      289KB

    • MD5

      73f5af3478d19c75bae4b3606a72e660

    • SHA1

      a3e6e1007b682883941c0be60ab53a69582ec9b2

    • SHA256

      5730773df77de262e64c327dbc84fd38c2f14617a9fabbbde3a474af65812b72

    • SHA512

      ca94e16a05a3f81e0269316040127e337d4243e6e40c7f5601417d8ef4fbd919974aefb5167a601ab9af789624868da4976ce55d6bc8ac176936d5280a31a0cf

    • SSDEEP

      6144:Ue34QRRg4l8ai5PQtTZ763J8eWW43YLYjn5uO7D32fuCa7Bmh:NRq4OaQQTYJ8eP4/L5uO7D3f5BU

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      450753ad96785a240a39deccab3af0d0

    • SHA1

      21c544064d2ffa6444508268ce258a330d459fc5

    • SHA256

      1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3

    • SHA512

      c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab

    • SSDEEP

      12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU

    • Score

      3/10

MITRE ATT&CK Enterprise v15

Tasks