General

  • Target

    8aaf1d86a72c368a9829b612d821bc21_JaffaCakes118

  • Size

    2.3MB

  • Sample

    241103-k47sratjfl

  • MD5

    8aaf1d86a72c368a9829b612d821bc21

  • SHA1

    ce40e0e028dad42efa6328187675d53afa9456cf

  • SHA256

    a82813a2a0b36112fc4564ad643fa5718f2753bde00d635539b85768b765353c

  • SHA512

    01f4f6ab8b535008e6037271ad38285a31adb903a6063dab0ed8c8a8b57c3e596e5051581f532c0ce5bd356f8e981ab5bb1d282cd7991b79bf3c5b4d555cc9b0

  • SSDEEP

    49152:7V1YhUv9hGbwAjpdtT13aGgU6pF6mLFI1v/Hji9z2oFkZbDvNiGvi:7vYh+zuwMa93VOHj9oFk1D0G6

Targets

    • Target

      8aaf1d86a72c368a9829b612d821bc21_JaffaCakes118

    • Size

      2.3MB

    • MD5

      8aaf1d86a72c368a9829b612d821bc21

    • SHA1

      ce40e0e028dad42efa6328187675d53afa9456cf

    • SHA256

      a82813a2a0b36112fc4564ad643fa5718f2753bde00d635539b85768b765353c

    • SHA512

      01f4f6ab8b535008e6037271ad38285a31adb903a6063dab0ed8c8a8b57c3e596e5051581f532c0ce5bd356f8e981ab5bb1d282cd7991b79bf3c5b4d555cc9b0

    • SSDEEP

      49152:7V1YhUv9hGbwAjpdtT13aGgU6pF6mLFI1v/Hji9z2oFkZbDvNiGvi:7vYh+zuwMa93VOHj9oFk1D0G6

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its Wow6432Node mirror) to enumerate installed software, commonly done to spot security products or competing toolbars before installing.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer. They are registered by CLSID under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects, are loaded into every IE process with the browser's privileges, and can read and alter page content, which is why toolbar adware relies on them.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/FindProcDLL.dll

    • Size

      31KB

    • MD5

      83cd62eab980e3d64c131799608c8371

    • SHA1

      5b57a6842a154997e31fab573c5754b358f5dd1c

    • SHA256

      a6122e80f1c51dc72770b4f56c7c482f7a9571143fbf83b19c4d141d0cb19294

    • SHA512

      91cfbcc125600ec341f5571dcf1e4a814cf7673f82cf42f32155bd54791bbf32619f2bb14ae871d7996e9ddecdfcc5db40caa0979d6dfba3e73cfe8e69c163c9

    • SSDEEP

      384:1NWlNdqdAnhTKMLE2oIM05fnqCiWg3Yy9kflIinokN:1NWtqdihTKCldkYwkdpnoy

    Score
    3/10
    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      fa5beae80dba254fb6c21b58265f5310

    • SHA1

      f2f776611dbbb157b151aa744a7e0be1d4b8c079

    • SHA256

      34b8a2130729064ca2f9b3b8e6f90d883d84662156b648a4eeccefefc3473269

    • SHA512

      7c74b9e9f1ff0665ffd6fcf76fca462d9f4fbd7c4a215bc67b419497ef4c3cb9cede6c5b0803cabb316bc5391c4c6f0d578d36e1094b8ed326b140f8e272b538

    • SSDEEP

      192:06JaVGQ+xI5EeuyvMmGpeWH2J5xprN+AxTZK72dwF7dBdcQOz:06JaVh4I5rpPbTZ+BdhO

    Score
    3/10
    • Target

      $PLUGINSDIR/LangDLL.dll

    • Size

      5KB

    • MD5

      7eaad8c651cdeb4a71355b10dbe8d17b

    • SHA1

      1ef6cf4f98c7f20238e548dc6cdb270b741cfe8b

    • SHA256

      fad96602241e65daeef96b559092e7efa2c3b68948a65f1bd7f126b9963df468

    • SHA512

      6f7867774bfd82b1d12d0db5479e9539440ebfc6fee54aafc4381edea8fdccb89a9521a60b5f907033c147c805e6f541ec534c56bfe5f7354c55ca04df5175b9

    • SSDEEP

      48:SnHsOVN7ZTPUptxEwvB3UAKxwLJXyTpXfaV4MOa1n8iwuf0//nDGkaEJPof5MKIM:Y7ZDGEQ3zLJX6d6pOun8iwY0//npEO

    Score
    3/10
    • Target

      $PLUGINSDIR/NSISdl.dll

    • Size

      14KB

    • MD5

      6b85b2ff78fe0e04b5f0d4e996f0d62e

    • SHA1

      4507dee0b963080cbd75c383fa4650c7b99907dc

    • SHA256

      c7a033bb91be5487d93cc402d27e4e893ba39b37a121f60c9dbef5bdf02e52e7

    • SHA512

      84cbe4c2ecefd5eaa01ba5c1063056aed5f62a6ced32876c591bfb2bbe8688a020d02573a5f419cac2362579021fe2b4c6abf7e5d619de8178028db49d53e84b

    • SSDEEP

      192:I4lsN55M8r67wmsvJI5a299sfoG8I+WhPB3RY+h/G3DNl/qYcVp/12wgszA:IysdM80dCI5a2LsQ5IlPNRY00AlAMU

    Score
    3/10
    • Target

      $PLUGINSDIR/UAC.dll

    • Size

      17KB

    • MD5

      09caf01bc8d88eeb733abc161acff659

    • SHA1

      b8c2126d641f88628c632dd2259686da3776a6da

    • SHA256

      3555afe95e8bb269240a21520361677b280562b802978fccfb27490c79b9a478

    • SHA512

      ef1e8fc4fc8f5609483b2c459d00a47036699dfb70b6be6f10a30c5d2fc66bae174345bffa9a44abd9ca029e609ff834d701ff6a769cca09fe5562365d5010fa

    • SSDEEP

      384:w9JzaeWrF8d22hXAGFkr2WqErkuCYMAWS5Ns8AXXki:wLaBrrTXr3qruCYuS5qk

    Score
    3/10
    • Target

      $TEMP/Toolbar.exe

    • Size

      1.5MB

    • MD5

      9a6c289af5711e3fa5a667106261530e

    • SHA1

      6781eb8ac003b8614afd39a697bcee44774c4cfd

    • SHA256

      8dc42315b31c963409c749ec9ffe0a1372012ca2c1096fe37bba86c0bbefb28b

    • SHA512

      1010af03473ae975ea9b7ab1947458d6b470ccf4f545782baac4814cc856559053a55ab420927bab44abc5197f6bc18296122481d97b96e3f0ccf76f9bf8a285

    • SSDEEP

      24576:jykCLM9FU4J0ds+lGJFAxqRK43dAa1JGTwNp8I+Ii/MhnlA51YADVIxZCFWtv35M:2knyUYsgGbdrdAa1JGTgWIysAZIfC4fO

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (varying or withholding behaviour by locale).

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its Wow6432Node mirror) to enumerate installed software, commonly done to spot security products or competing toolbars before installing.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer. They are registered by CLSID under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects, are loaded into every IE process with the browser's privileges, and can read and alter page content, which is why toolbar adware relies on them.

    • Drops file in System32 directory

    • Target

      content/ctoolbar.js

    • Size

      1.4MB

    • MD5

      81854c14179831516513c5ccb563b4fb

    • SHA1

      0dde6b3d92831f52cfba5e2e712b705252853d0c

    • SHA256

      bd9835b232cc0f137f185e926bb763e6b7c893951915491d636594ed12215a74

    • SHA512

      d84f80c19cba9db0adba2a0533004df7f47c1633d75228f8228b2f1e0cd8eb39827b606e1aed00bdaecab6c7eea47c167dd486d86074336dcd76a4f34c778a7e

    • SSDEEP

      12288:VGZpQqzSgRLigxe5GgUCT2IMsoMOtn93TDVjqgKnu9lw4M3:opQqzSgRmGgx2Xs3Ot93TogKnu9l63

    Score
    3/10
    • Target

      components/ConduitAutoCompleteSearch.js

    • Size

      12KB

    • MD5

      e0e9e9198ae40b8e6cfad7b3e2161607

    • SHA1

      2cf910c4c0aeefb02338e700b680047b76d96866

    • SHA256

      5071fe441676d6e9219655eda341fdb6ce6f4d69c30fc6650129ca8bd2d79789

    • SHA512

      0ba3666ea27a4f1dbd9e758f271cc9ec6956c7beacd76f4fb7d347b1a0091128fcb98761b12466dafd4a968925f460eb4f79bd309549b1aba7a7faa0929883b7

    • SSDEEP

      192:uk/M++iFddQBM8N3jvxpZ5HAwxkDxbUd0xT/ibv:ukEFiLdTOl5HAckDudh

    Score
    3/10
    • Target

      components/ConduitToolbar.js

    • Size

      3KB

    • MD5

      6ad947075cd7ba10c12b46f123af869b

    • SHA1

      51aa3b67cb9cede08d4195125105dc80ba36a5fb

    • SHA256

      e7bf78507ff508ac262141fb760506aa66d6ac247277563459fb869b2e8a70a1

    • SHA512

      f5b2fe59b7d062881cb4550b94cd0af0f6f9cb1280a35ae96b6a34476af80d5854ee52958e96d203ed57fba4cfb5f22ad477e9efc7e08501760a60a3c4b57b6a

    Score
    3/10
    • Target

      components/FFExternalAlert.dll

    • Size

      51KB

    • MD5

      d0a352aca3ad8730fe761238c3d58aec

    • SHA1

      1062b4d0e5b782d342ce914cc139645b9655a73b

    • SHA256

      d7787b19504cca0064f689b0fe28f98aa3e8d63f0f7db5bbcfb2186673a4b746

    • SHA512

      a9ede88c114cc520a291f401666960a37c4bd31d774272800121e3931cfff2b8ae72ca387f361438ba1fe423d69ea928e69280a5f872ac7cd529c3dc973d9e07

    • SSDEEP

      768:r6LJb2Im8e7+eV8J77AtaV2O2nn388ip0oaCoMCl5YRRG9s:r6p2ImiXcA2npKDRRG9

    Score
    3/10
    • Target

      components/npmozax.dll

    • Size

      112KB

    • MD5

      bb2fd4632cbf410c584bab0be026b733

    • SHA1

      da1433810446595bb38fdbc3a664ffb09e81d06c

    • SHA256

      1056248d3674adbc9e33e81f836a578b0e830c054da5a35723fe7072976c3ba6

    • SHA512

      541b333b24e5943ba7d8d5ca052b450138d51b915760dfa512e7403144738994995358ea0bc4304f7aa75e28b6a4a6cd04f608729d100bd6c5dce40f68d4a631

    • SSDEEP

      3072:fd8cpf3GOywbdopQzdglm4c0j9G9rAiYIH9Lf:fxe3wbdXdgRcoGpPjd

    Score
    3/10
    • Target

      components/nsAxSecurityPolicy.js

    • Size

      8KB

    • MD5

      c982f14a117ca444fcd4e558684e72ad

    • SHA1

      d349adb454d434939ad56937dfc6b77bc9bcd1b9

    • SHA256

      fe1cf8b6c350ce8b890ab8aa1c2e8441dd9c672b43439e6241bd90b63bee3718

    • SHA512

      8ce89bcdd31f3b8c529a14255f69c684216eaab44987612b094f1a2c2fed94fd43877caad56fb082eabf1e2de20870b9e681e2f2b04baf55fae1fa847a95b560

    • SSDEEP

      96:8HeHqTzNT0oIOyYDVvJR0zrvwby0eNPNEla0cOnJujv/abPHJ1F9jYuOonoDZt9B:vH0zNT0KyYJKFSSaaml/KgXD4vb

    Score
    3/10
    • Target

      lib/xpcom.js

    • Size

      354KB

    • MD5

      128c72f8fc25c9ddd5e0c436bcd6354b

    • SHA1

      85a6b490a9c9ddc648c78b5420b0994aa0b87e89

    • SHA256

      dad7560eaeadbd1058d9a3231d0eb412f651e26d20a6509182ab9be122610272

    • SHA512

      f652f4a7aaafc4273b94ecfd8e72a1f2e453247c524ffd1dbb21fe7a7670a58bcb1a1287f63108bb6b5c9c27c1baa782c417ff0f4f2e7aeb403c0af7a961f9e5

    • SSDEEP

      6144:fu1sGr8AmtUkG9pBTXgCHwchdjYcK7/rny+UIuB:21sGr8AxK77y+UIuB

    Score
    3/10
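
The target listing above is only useful to a defender once it is machine-readable. The following is an added example (not Triage's own code) that parses the report's plain-text "• Field / value" layout into one record per target, indexes the MD5/SHA1/SHA256 digests for lookup against files on disk, and exports the result as CSV. REPORT_EXCERPT reproduces two entries from this page in that layout (hashes copied from the report, SHA512 omitted); the behaviour bullets that carry no value are kept as signature names and their explanatory lines are skipped.

```python
"""Turn the sandbox report's target listing into machine-usable IOCs.

Added example, not part of the report. REPORT_EXCERPT is a verbatim-style
copy of two entries from the page (SHA512 left out); the parser, index,
lookup and CSV export are the added logic.
"""
import csv
import hashlib
import io

REPORT_EXCERPT = """
    • Target
      $PLUGINSDIR/UAC.dll
    • Size
      17KB
    • MD5
      09caf01bc8d88eeb733abc161acff659
    • SHA1
      b8c2126d641f88628c632dd2259686da3776a6da
    • SHA256
      3555afe95e8bb269240a21520361677b280562b802978fccfb27490c79b9a478
    Score
    3/10
    • Target
      $TEMP/Toolbar.exe
    • Size
      1.5MB
    • MD5
      9a6c289af5711e3fa5a667106261530e
    • SHA1
      6781eb8ac003b8614afd39a697bcee44774c4cfd
    • SHA256
      8dc42315b31c963409c749ec9ffe0a1372012ca2c1096fe37bba86c0bbefb28b
    • SSDEEP
      24576:jykCLM9FU4J0ds+lGJFAxqRK43dAa1JGTwNp8I+Ii/MhnlA51YADVIxZCFWtv35M:2knyUYsgGbdrdAa1JGTgWIysAZIfC4fO
    • Checks computer location settings
    • Executes dropped EXE
    • Installs/modifies Browser Helper Object
      BHOs are DLL modules which act as plugins for Internet Explorer.
    • Drops file in System32 directory
"""

# Report field name -> key used in the record's "hashes" dict.
HASH_FIELDS = {"MD5": "md5", "SHA1": "sha1", "SHA256": "sha256",
               "SHA512": "sha512", "SSDEEP": "ssdeep"}


def parse_report(text):
    """One dict per '• Target' entry. A bullet that is not Target/Size/hash
    is a behaviour signature; the description line under it is ignored."""
    records, cur, pending = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            name = line[1:].strip()
            if name == "Target":
                cur = {"target": "", "size": "", "score": "", "hashes": {}, "behaviors": []}
                records.append(cur)
                pending = "target"
            elif name in HASH_FIELDS:
                pending = HASH_FIELDS[name]
            elif name == "Size":
                pending = "size"
            else:
                if cur is not None:
                    cur["behaviors"].append(name)
                pending = None
            continue
        if line == "Score":
            pending = "score"
            continue
        if cur is not None and pending in ("target", "size", "score"):
            cur[pending] = line
        elif cur is not None and pending in HASH_FIELDS.values():
            # ssdeep is base64 and case-sensitive; hex digests are normalised.
            cur["hashes"][pending] = line if pending == "ssdeep" else line.lower()
        pending = None
    return records


def build_index(records):
    """Map every md5/sha1/sha256 digest back to its record for O(1) lookup."""
    index = {}
    for rec in records:
        for algo in ("md5", "sha1", "sha256"):
            if rec["hashes"].get(algo):
                index[rec["hashes"][algo]] = rec
    return index


def digests(data):
    return {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256")}


def lookup(index, data):
    """Matching report entry for a blob, or None. All three digests are tried
    so a partial feed (MD5-only, say) still matches."""
    for digest in digests(data).values():
        if digest in index:
            return index[digest]
    return None


def scan_file(index, path):
    with open(path, "rb") as fh:
        return lookup(index, fh.read())


def to_csv(records):
    cols = ("md5", "sha1", "sha256", "sha512", "ssdeep")
    out = io.StringIO()
    w = csv.writer(out, lineterminator="\n")
    w.writerow(["target", "size", "score", *cols])
    for rec in records:
        w.writerow([rec["target"], rec["size"], rec["score"]] + [rec["hashes"].get(c, "") for c in cols])
    return out.getvalue()


if __name__ == "__main__":
    print(to_csv(parse_report(REPORT_EXCERPT)))
```

Feed the full report text to parse_report to get every dropped file, then point scan_file at suspect directories such as a user's %TEMP%; the CSV is ready to load into a blocklist or a SIEM lookup table.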

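Of the signatures listed for the installer and Toolbar.exe above, the two a defender can act on from telemetry are the BHO registration and the drop into System32 (the Uninstall-key and country-code lookups are registry reads, which Sysmon does not record). The following is an added example, not part of the sandbox report, of detection logic for those two signatures over Sysmon-style registry SetValue (Event ID 13) and file-create (Event ID 11) events. SAMPLE_EVENTS is constructed: the CLSIDs, DLL names and user path are placeholders, and only %TEMP%\Toolbar.exe comes from the report. It correlates the BHO key with the CLSID's InprocServer32 registration so the alert names the DLL that Internet Explorer would load, and rates it higher when that DLL lives in a user-writable directory.

```python
"""Detect BHO registration and System32 file drops in Sysmon-style events.

Added example, not part of the sandbox report. SAMPLE_EVENTS is constructed
(placeholder CLSIDs, DLL names and user); only %TEMP%\\Toolbar.exe is from
the report. Fields: EventID|Image|TargetObject-or-TargetFilename|Details.
"""
import re

SAMPLE_EVENTS = r"""
13|C:\Users\alice\AppData\Local\Temp\Toolbar.exe|HKLM\SOFTWARE\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32\(Default)|C:\Users\alice\AppData\Local\Temp\tbhelper.dll
13|C:\Users\alice\AppData\Local\Temp\Toolbar.exe|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}\NoExplorer|DWORD (0x00000001)
11|C:\Users\alice\AppData\Local\Temp\Toolbar.exe|C:\Windows\System32\tbhook.dll|
11|C:\Windows\System32\msiexec.exe|C:\Windows\System32\vendor.dll|
13|C:\Program Files\Vendor\setup.exe|HKLM\SOFTWARE\Classes\CLSID\{aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee}\InprocServer32\(Default)|C:\Program Files\Vendor\vendor.dll
"""

# Key IE reads to load BHOs, and the COM key that maps a CLSID to its DLL.
BHO_KEY = re.compile(r"\\Explorer\\Browser Helper Objects\\(\{[0-9a-f-]{36}\})", re.I)
INPROC_KEY = re.compile(r"\\CLSID\\(\{[0-9a-f-]{36}\})\\InprocServer32", re.I)
SYSTEM32_DIR = re.compile(r"^[a-z]:\\windows\\system32\\", re.I)
USER_WRITABLE = re.compile(r"\\(users|programdata|temp)\\", re.I)
# Images expected to write into System32 (assumption: tune per environment).
TRUSTED_SYSTEM32_WRITERS = {
    r"c:\windows\system32\msiexec.exe",
    r"c:\windows\servicing\trustedinstaller.exe",
}


def parse_events(text):
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        eid, image, target, details = line.split("|", 3)
        events.append({"id": int(eid), "image": image, "target": target, "details": details})
    return events


def detect(events):
    """Return (rule, image, detail) alerts. BHO alerts are emitted after the
    pass so the InprocServer32 write may arrive before or after the BHO key."""
    alerts = []
    inproc_dll = {}   # clsid -> dll path from InprocServer32 (Default)
    bho_image = {}    # clsid -> process that registered the BHO
    for ev in events:
        if ev["id"] == 13:
            m = INPROC_KEY.search(ev["target"])
            if m:
                inproc_dll[m.group(1).lower()] = ev["details"]
            m = BHO_KEY.search(ev["target"])
            if m:
                bho_image[m.group(1).lower()] = ev["image"]
        elif ev["id"] == 11:
            if SYSTEM32_DIR.match(ev["target"]) and ev["image"].lower() not in TRUSTED_SYSTEM32_WRITERS:
                alerts.append(("system32_drop", ev["image"], ev["target"]))
    for clsid, image in bho_image.items():
        dll = inproc_dll.get(clsid, "<unresolved>")
        severity = "high" if USER_WRITABLE.search(dll) else "medium"
        alerts.append((f"bho_registered:{severity}", image, f"{clsid} -> {dll}"))
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_events(SAMPLE_EVENTS)):
        print(*alert, sep="\t")
```

The Vendor installer in the sample registers a COM server but never touches the BHO key, so it produces nothing, and msiexec writing into System32 is allowed by the trusted-writer list; only Toolbar.exe trips both rules.
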
MITRE ATT&CK Enterprise v15

Tasks

  Task          Tags                         Score
  static1       -                            3/10
  behavioral1   adware, discovery, stealer   7/10
  behavioral2   adware, discovery, stealer   7/10
  behavioral3   discovery                    3/10
  behavioral4   discovery                    3/10
  behavioral5   discovery                    3/10
  behavioral6   discovery                    3/10
  behavioral7   discovery                    3/10
  behavioral8   discovery                    3/10
  behavioral9   discovery                    3/10
  behavioral10  discovery                    3/10
  behavioral11  discovery                    3/10
  behavioral12  discovery                    3/10
  behavioral13  adware, discovery, stealer   7/10
  behavioral14  adware, discovery, stealer   7/10
  behavioral15  execution                    3/10
  behavioral16  execution                    3/10
  behavioral17  execution                    3/10
  behavioral18  execution                    3/10
  behavioral19  execution                    3/10
  behavioral20  execution                    3/10
  behavioral21  discovery                    3/10
  behavioral22  discovery                    3/10
  behavioral23  discovery                    3/10
  behavioral24  discovery                    3/10
  behavioral25  execution                    3/10
  behavioral26  execution                    3/10
  behavioral27  execution                    3/10
  behavioral28  execution                    3/10