General

  • Target

    8aa81f9aa3613af4332d52005d2261eb_JaffaCakes118

  • Size

    657KB

  • Sample

    241103-kzt14asrgj

  • MD5

    8aa81f9aa3613af4332d52005d2261eb

  • SHA1

    614ae99d1e0233f23c932b8369910bbc54107a82

  • SHA256

    d10e1285bc293a1116937d9ea5b291874d99c715465355cb02b686f5b8a600fa

  • SHA512

    9563cfc11e8bcbd11b7af3088152e3c48aa2e40b53e0961ccf7602f070ec18e98aee1f6815b926844f3cc37a312e236449bd8c0e8174a3a6aa08ac9b778a9579

  • SSDEEP

    12288:AbsttJoG4GQTq4OaQQTYJ8eP4/L5uO7D3f5BXq4kaBQTcJ8ePx/r5uO7zU26OBQ:AbsttJoG4GQm4OaHYJ8eP4D5uOHBBa4E

Malware Config

Targets

    • Target

      8aa81f9aa3613af4332d52005d2261eb_JaffaCakes118

    • Size

      657KB

    • MD5

      8aa81f9aa3613af4332d52005d2261eb

    • SHA1

      614ae99d1e0233f23c932b8369910bbc54107a82

    • SHA256

      d10e1285bc293a1116937d9ea5b291874d99c715465355cb02b686f5b8a600fa

    • SHA512

      9563cfc11e8bcbd11b7af3088152e3c48aa2e40b53e0961ccf7602f070ec18e98aee1f6815b926844f3cc37a312e236449bd8c0e8174a3a6aa08ac9b778a9579

    • SSDEEP

      12288:AbsttJoG4GQTq4OaQQTYJ8eP4/L5uO7D3f5BXq4kaBQTcJ8ePx/r5uO7zU26OBQ:AbsttJoG4GQm4OaHYJ8eP4D5uOHBBa4E

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check: malware commonly reads the locale or GeoID to avoid running in, or to target, particular regions.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, session tokens and browsing history.

    • Checks installed software on the system

      Looks up the Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its WOW6432Node view and the HKCU equivalent) to enumerate the software installed on the system, a common way to profile the victim or detect security tools.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that Internet Explorer loads into its own process as plugins. They are registered by CLSID under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects, and because they run inside the browser they can read and alter every page and request, which is why adware and infostealers abuse them.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      450753ad96785a240a39deccab3af0d0

    • SHA1

      21c544064d2ffa6444508268ce258a330d459fc5

    • SHA256

      1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3

    • SHA512

      c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab

    • SSDEEP

      12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU

    Score
    3/10
    • Target

      ffRichMediaViewV1release353chaction.js

    • Size

      859B

    • MD5

      8f5af05d473976f2e81ad1e1d2ceb352

    • SHA1

      c2a2160b7e3cc61e04b38fc3f206f1be56fe749e

    • SHA256

      934cce7b1a73ced403486c9c6425e519e8cb28f54b2412f644bbed5f3a69bd4c

    • SHA512

      53b1ba3fcd8476353916cfe263fb891fcd370a9f978fea5d371d7ca9d8783204f18ae38f2e32937a8a6141a2ad5109f157c0d1c2419dd7c2c0c39721509be317

    Score
    3/10
    • Target

      ff/chrome/content/ffRichMediaViewV1release353.js

    • Size

      762B

    • MD5

      f992ed8cdd43db3f9d2828a6b3599b7a

    • SHA1

      c94d949aab03649e45d4e96afe6cd22874cd13f2

    • SHA256

      3ae0230b038cfad2deb3d7f2ba17d70220ac5d872afc9b276066fa0cf14decc9

    • SHA512

      375f96cefdf7351cb91ca22db5440726c0041e912292a6cc1929e6695830dbb2df34d530f53439207aa7a43d0ea7d88aadb26ea8645b47191719964f688ac583

    Score
    3/10
    • Target

      ff/chrome/content/ffRichMediaViewV1release353ffaction.js

    • Size

      698B

    • MD5

      d64397b286238193d5a190de20f2ffb8

    • SHA1

      7be07d08c3bc0351caf3ba5a834e2072c40e62e9

    • SHA256

      74a1652db6fa392e26225e9da5106ff93945c38563c81cc769e0c381bf0e3bc8

    • SHA512

      29391cab5b7fb29a731d1a2f0dc8a2b98fa3da0978eed01194aca263b53a9b2faf5a7cfbc89031cb2908d284c39411f2cdfc72716ac08e79e023df4e995b0214

    Score
    3/10
    • Target

      ie/RichMediaViewV1release353.dll

    • Size

      85KB

    • MD5

      67d595700fb888cdec0d49b7164d6a86

    • SHA1

      9f990a60babbb31c47fa4f8f78c055dbfc968305

    • SHA256

      c591ca0f9d185893064d27e2461c4c20c4e50e554bff31eb7c981652f69d66aa

    • SHA512

      56f6cf910c04ab51b89ad5a496195cb564f11b4e17a8ada9478f8795d48ccc7fdc0cb28da9e4ae45d9e095accc84f927fe770b2e7827010d0798ea728c17e62e

    • SSDEEP

      1536:Qkf9Csc+EE7MsV5N60GlVk8jkrwfunqLhPLlQH1kdBZ:D9++EEwsR6FlVfunmaH1kt

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that Internet Explorer loads into its own process as plugins. They are registered by CLSID under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects, and because they run inside the browser they can read and alter every page and request, which is why adware and infostealers abuse them.

    • Target

      uninstall.exe

    • Size

      289KB

    • MD5

      a5f0d3765480e250bcccb965a5a720dc

    • SHA1

      5f3d2f4754ec3c68c0cf8a1c97af7a99a41ffb7e

    • SHA256

      bba39a4a37ffac162c004c65a2d49e7a4436e7fa29fa58664ade0a825b17850c

    • SHA512

      148dec740c695e361fc342b1956991abbe019d8800572d0a3e99d2f2a3392fafdfb220173af20b581b083f51e3e7554d185d3d081ce4595e04f8fcb0b904be56

    • SSDEEP

      6144:Ue34vPRg4l8ai5PQtTZ763J8eWW43YLYjn5uO7D32fuCa7Bm/:uPq4OaQQTYJ8eP4/L5uO7D3f5Bq

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, session tokens and browsing history.

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      450753ad96785a240a39deccab3af0d0

    • SHA1

      21c544064d2ffa6444508268ce258a330d459fc5

    • SHA256

      1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3

    • SHA512

      c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab

    • SSDEEP

      12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU

    Score
    3/10
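
The signatures above (a registered Browser Helper Object, an Uninstall entry backed by an NSIS-style uninstall.exe, and a locale lookup) are all things a responder can check on a suspect host. The following PowerShell script is an added example, not part of the sandbox report and not code from the sample; it hunts for the report's artifacts by hash. The SHA256 values are copied from the report. The registry locations (the Browser Helper Objects key, the CLSID\InprocServer32 mapping, the Uninstall keys, and HKCU\Control Panel\International) are the standard Windows paths and are not taken from the report. Resolve-ModulePath and Test-ReportHash are helper names invented for this example.

```powershell
# Added example, not part of the sandbox report: hunt a Windows host for the
# artifacts described above. SHA256 values are copied from the report; the
# registry paths are standard Windows locations, not taken from the report.
# Run from PowerShell; hashing files under Program Files may need an elevated session.

$ReportSha256 = @{
  'd10e1285bc293a1116937d9ea5b291874d99c715465355cb02b686f5b8a600fa' = 'main sample'
  '1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3' = '$PLUGINSDIR/aminsis.dll'
  'c591ca0f9d185893064d27e2461c4c20c4e50e554bff31eb7c981652f69d66aa' = 'ie/RichMediaViewV1release353.dll'
  'bba39a4a37ffac162c004c65a2d49e7a4436e7fa29fa58664ade0a825b17850c' = 'uninstall.exe'
}

function Resolve-ModulePath {
  # Turn an InprocServer32 default value or an UninstallString into a plain file
  # path: expand %VARS%, strip surrounding quotes, drop trailing arguments.
  param([string]$Value)
  if (-not $Value) { return $null }
  $v = [Environment]::ExpandEnvironmentVariables($Value).Trim()
  if ($v.StartsWith('"')) {
    $end = $v.IndexOf('"', 1)
    if ($end -gt 1) { return $v.Substring(1, $end - 1) }
  }
  $m = [regex]::Match($v, '^(.+?\.(exe|dll))', 'IgnoreCase')
  if ($m.Success) { return $m.Groups[1].Value } else { return $v }
}

function Test-ReportHash {
  # Hash a file and report whether it matches any file listed in the sandbox report.
  param([string]$Path, [string]$Context)
  if (-not $Path -or -not (Test-Path -LiteralPath $Path)) { return }
  $h = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLowerInvariant()
  if ($ReportSha256.ContainsKey($h)) {
    Write-Warning "MATCH [$Context] $Path == $($ReportSha256[$h])"
  } else {
    Write-Output "checked [$Context] $Path ($h)"
  }
}

# 1. Browser Helper Objects: each subkey name is a CLSID; resolve it to the DLL
#    Internet Explorer would load. Check both the native and WOW6432Node views.
$bhoRoots = @(
  'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
  'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
$clsidRoots = @(
  'HKLM:\SOFTWARE\Classes\CLSID',
  'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID',
  'HKCU:\SOFTWARE\Classes\CLSID'
)
foreach ($root in $bhoRoots) {
  if (-not (Test-Path $root)) { continue }
  foreach ($key in Get-ChildItem -Path $root) {
    $clsid = $key.PSChildName
    foreach ($cr in $clsidRoots) {
      $inproc = Join-Path $cr "$clsid\InprocServer32"
      if (Test-Path $inproc) {
        $dll = Resolve-ModulePath (Get-ItemProperty -Path $inproc).'(default)'
        Test-ReportHash -Path $dll -Context "BHO $clsid"
        break
      }
    }
  }
}

# 2. Uninstall entries: the report lists an uninstall.exe dropped by the sample,
#    so hash the target of every UninstallString rather than trusting DisplayName.
$uninstallRoots = @(
  'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
  'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
  'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)
foreach ($root in $uninstallRoots) {
  if (-not (Test-Path $root)) { continue }
  foreach ($key in Get-ChildItem -Path $root) {
    $props = Get-ItemProperty -Path $key.PSPath
    $exe = Resolve-ModulePath $props.UninstallString
    if ($exe) { Test-ReportHash -Path $exe -Context "Uninstall '$($props.DisplayName)'" }
  }
}

# 3. The locale values a "checks computer location settings" lookup reads.
#    Shown for context only; there is nothing to match here.
$intl = Get-ItemProperty -Path 'HKCU:\Control Panel\International'
$geo  = Get-ItemProperty -Path 'HKCU:\Control Panel\International\Geo' -ErrorAction SilentlyContinue
Write-Output ("LocaleName: {0}  sCountry: {1}  GeoID (Nation): {2}" -f $intl.LocaleName, $intl.sCountry, $geo.Nation)
```

Exact SHA256 matching only catches this build. For variants, pivot on the SSDEEP values in the report instead: the main sample's signature (block size 12288) and uninstall.exe's signature (block size 6144) share the chunk `q4OaQQTYJ8eP4/L5uO7D3f5B`, which ssdeep compares across the two block sizes and scores as a real similarity, consistent with the uninstaller being built from the same NSIS stub as the installer (the `$PLUGINSDIR` path is NSIS's plugin directory). A Firefox component is also present (the `ff/chrome/content/*.js` files), which this script does not cover.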

MITRE ATT&CK Enterprise v15

Tasks