General

  • Target

    8aaedffe9969273c9fdeb81e49cfa896_JaffaCakes118

  • Size

    657KB

  • Sample

    241103-k4zr5szhke

  • MD5

    8aaedffe9969273c9fdeb81e49cfa896

  • SHA1

    95e5c56577ca6e556c8e9d9015e0f21d7d9fe7f4

  • SHA256

    9656882d948302480c7d65eef0404e6936e4d09c20ea4313950d689e98546ae1

  • SHA512

    0c620f817ccdb106ded71596a2f2901ae718bde82b2cd194955bee824a1d6f926745c50ebaf36af1990ff451d7bee013d2502011e36a407e40db70c22a2f4c21

  • SSDEEP

    12288:btKZA/DlhG4GQTq4OaQQTYJ8eP4/L5uO7D3f5BUq4Ga7QT2J8ePP/Z5uO7FApMU:btKm/DlhG4GQm4OaHYJ8eP4D5uOHBBJT

Targets

    • Target

      8aaedffe9969273c9fdeb81e49cfa896_JaffaCakes118

    • Size

      657KB

    • MD5

      8aaedffe9969273c9fdeb81e49cfa896

    • SHA1

      95e5c56577ca6e556c8e9d9015e0f21d7d9fe7f4

    • SHA256

      9656882d948302480c7d65eef0404e6936e4d09c20ea4313950d689e98546ae1

    • SHA512

      0c620f817ccdb106ded71596a2f2901ae718bde82b2cd194955bee824a1d6f926745c50ebaf36af1990ff451d7bee013d2502011e36a407e40db70c22a2f4c21

    • SSDEEP

      12288:btKZA/DlhG4GQTq4OaQQTYJ8eP4/L5uO7D3f5BUq4Ga7QT2J8ePP/Z5uO7FApMU:btKm/DlhG4GQm4OaHYJ8eP4D5uOHBBJT

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular regions.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser profile data, which can include saved credentials, cookies and autofill entries.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that act as plugins for Internet Explorer; registering one gives the DLL code execution inside the browser whenever it starts.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      450753ad96785a240a39deccab3af0d0

    • SHA1

      21c544064d2ffa6444508268ce258a330d459fc5

    • SHA256

      1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3

    • SHA512

      c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab

    • SSDEEP

      12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU

    Score
    3/10
    • Target

      ffRichMediaViewV1release239chaction.js

    • Size

      859B

    • MD5

      109aa910b654e6b2a95284b74cb7b701

    • SHA1

      a5b12cfb1b3e115d5ca88ef1e51728bca52dc9e9

    • SHA256

      28b3a7699f682cd543885ee50efd4f7bc51ca4fa4d522f5b7e7b58827539f764

    • SHA512

      6a42dddfb57f8dafe0cbf543a9c0f3cad80ba257832d67c8e4dc8f694c77e1e88c4012d76d138328d70982dc899ec011873349786e94825c1b2cadd226ab722d

    Score
    3/10
    • Target

      ff/chrome/content/ffRichMediaViewV1release239.js

    • Size

      762B

    • MD5

      031d493d6e92ce6b06a620d4ce755b24

    • SHA1

      b6c76916c426be0966e2d2081bd478580b5671fe

    • SHA256

      6a08faa8bedf9c68d18c7558ad8e9e846ae80a0852deaf10422f1bd6d77bfeed

    • SHA512

      eb24c4d2925cc72fce9e53a666205610fc11bd66c96364e54ca4699760f679da41a986f7b1307766281a51157b6d0f6ebced9fe8b44f141bef7e23c1d879ec11

    Score
    3/10
    • Target

      ff/chrome/content/ffRichMediaViewV1release239ffaction.js

    • Size

      698B

    • MD5

      f08128e05983313c4b51a94c3aa5cf23

    • SHA1

      47eeb8a3745be4cbca01d7400b8d9330bb3907dc

    • SHA256

      358de416bc466169b3cdb565f9ab40f18e7447b04157c879636bf0a2279c5ff5

    • SHA512

      7d655dde9dff61af4a4846b7e665b85479fcb38c7fbf20d000f071e9a3dfe8d714a48acb92dc3bd8a87e44c0461af2a0e3ff67952072c7bd95dab27746f2c6f5

    Score
    3/10
    • Target

      ie/RichMediaViewV1release239.dll

    • Size

      85KB

    • MD5

      df4fef0d5c12cc052cc6c2457c7f5d90

    • SHA1

      32ec3d295841fa8fcf5e0985e525b2299deb78d1

    • SHA256

      634660b511f16a43c068976b83952eb4864ca8ce40fbbb8387e4a43a5b767e27

    • SHA512

      e3da0306163d4809d34be9c2b0731f92da20d6a8ec7594acd99cfaddcc521f3948d172505e47186f73ad04178c0719fefab58b668fac185b8d5a1dc8e8ac30bb

    • SSDEEP

      1536:zkf9Csc+EE7MsV5N60GlVk8jkrw7nnqLhPLlQZbJNBZ:U9++EEwsR6FlV7nnmaZbJd

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that act as plugins for Internet Explorer; registering one gives the DLL code execution inside the browser whenever it starts.

    • Target

      uninstall.exe

    • Size

      289KB

    • MD5

      9f53a17d157be0018da18e7ff06f7022

    • SHA1

      53e33ed129836df8ead6ca238593f9f7d6c94bc1

    • SHA256

      24661f6a96148c65749380a0125c4df4b0dd8d1bab96d849a94af1b146a03e78

    • SHA512

      8585233ad2a668e3dff6902f33cc5970485c21f9c3f97153a7001b492a5ab53927d2aaea0d6d7cf7596c2993ad58274ea2b5fc3b52c600ffb600951da97174eb

    • SSDEEP

      6144:Ue348SRg4l8ai5PQtTZ763J8eWW43YLYjn5uO7D32fuCa7Bm8:BSq4OaQQTYJ8eP4/L5uO7D3f5BZ

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser profile data, which can include saved credentials, cookies and autofill entries.

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      450753ad96785a240a39deccab3af0d0

    • SHA1

      21c544064d2ffa6444508268ce258a330d459fc5

    • SHA256

      1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3

    • SHA512

      c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab

    • SSDEEP

      12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU

    Score
    3/10
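
The behaviours flagged above (location check, installed-software enumeration, BHO registration, drop into System32, browser profile reads) are all visible as registry and file operations in a sandbox API trace. The following is an added example, not the sandbox vendor's signature logic and not code from this report: it classifies a constructed, simplified trace of (API name, path) records into those behaviours. The registry values and file paths it matches on (`Control Panel\International\Geo\Nation`, the `Uninstall` key, the `Browser Helper Objects` key, Chrome `Login Data`, Firefox `logins.json`) are assumptions about what each signature looks for, since the report does not list them, and the CLSID and file names in the sample trace are placeholders.

```python
"""Classify sandbox API-trace records into the behaviour tags used in the report.

Added example. The trace below is constructed, and the rules are an assumption
about what each signature checks; the report itself does not list the paths.
"""
import re
from collections import Counter
from typing import Dict, List, Set, Tuple

# Constructed trace: (api, target path). Real sandboxes emit richer records
# (pid, access mask, result); only these two fields are needed here.
SAMPLE_TRACE: List[Tuple[str, str]] = [
    ("RegQueryValueExW", r"HKCU\Control Panel\International\Geo\Nation"),
    ("RegEnumKeyExW",    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    ("RegEnumKeyExW",    r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"),
    # Placeholder CLSID, not the sample's real one.
    ("RegSetValueExW",   r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer"
                         r"\Browser Helper Objects\{00000000-0000-0000-0000-000000000000}\NoExplorer"),
    # Placeholder file name; the report does not say what was dropped.
    ("NtWriteFile",      r"C:\Windows\System32\example_dropped.dll"),
    ("NtReadFile",       r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("NtReadFile",       r"C:\Users\victim\AppData\Roaming\Mozilla\Firefox\Profiles"
                         r"\abcd1234.default-release\logins.json"),
    # Benign-looking noise that should not match any rule.
    ("RegQueryValueExW", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"),
]

# (tag, regex on the API name, regex on the path). Paths are matched
# case-insensitively because the registry and NTFS are.
RULES: List[Tuple[str, str, str]] = [
    # Geo\Nation is the user's configured country code (assumed target of the
    # "Checks computer location settings" signature).
    ("checks_location_settings",
     r"^RegQueryValueEx",
     r"\\Control Panel\\International\\Geo\\Nation$"),
    # Walking the Uninstall key is how installed software is listed.
    ("enumerates_installed_software",
     r"^Reg(EnumKeyEx|OpenKeyEx|QueryValueEx)",
     r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)"),
    # A write under Browser Helper Objects\{CLSID} registers a BHO with IE.
    ("installs_bho",
     r"^Reg(SetValueEx|CreateKeyEx)",
     r"\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects"
     r"\\\{[0-9A-Fa-f-]{36}\}"),
    # Writes into System32 (a real detector would also check the access mask).
    ("drops_in_system32",
     r"^Nt(CreateFile|WriteFile)",
     r"^[A-Za-z]:\\Windows\\System32\\"),
    # Credential / cookie stores of Chrome and Firefox profiles.
    ("reads_browser_profile",
     r"^Nt(CreateFile|ReadFile)",
     r"\\AppData\\(Local\\Google\\Chrome\\User Data\\.*\\(Login Data|Cookies|Web Data)"
     r"|Roaming\\Mozilla\\Firefox\\Profiles\\[^\\]+\\(logins\.json|key4\.db|cookies\.sqlite))$"),
]


def classify(api: str, path: str) -> Set[str]:
    """Return the set of behaviour tags a single trace record triggers."""
    tags: Set[str] = set()
    for tag, api_re, path_re in RULES:
        if re.search(api_re, api) and re.search(path_re, path, re.IGNORECASE):
            tags.add(tag)
    return tags


def summarize(trace: List[Tuple[str, str]]) -> Dict[str, int]:
    """Count how many records hit each behaviour tag across a whole trace."""
    counts: Counter = Counter()
    for api, path in trace:
        for tag in classify(api, path):
            counts[tag] += 1
    return dict(counts)


if __name__ == "__main__":
    for tag, n in sorted(summarize(SAMPLE_TRACE).items()):
        print(f"{tag}: {n}")
```

The rules deliberately key on the operation as well as the path: a read of the BHO key is not a BHO install, and a query of `Geo\Nation` is only interesting because it is a read by an untrusted process. When adapting this to real Procmon or sandbox output, the same distinction should come from the access mask or operation column rather than from the API name alone.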

MITRE ATT&CK Enterprise v15

Tasks