General

  • Target

    JaffaCakes118_1b1e707ac0f4a8a0dd7f023a4f49c52d

  • Size

    657KB

  • Sample

    250630-y9qnbavm13

  • MD5

    1b1e707ac0f4a8a0dd7f023a4f49c52d

  • SHA1

    b53179eaa722e4d65f37a162af750b60cbfe0ea4

  • SHA256

    e0c7590e086d9cff2133dd4f1300726dd44137a8d2c30d1ca09f6009ff18acd0

  • SHA512

    b00b360568bd037fa9997dc578ea6964a3c45150927c792f36ad558efb4ee7e10262371154ba4eaea85dfb03a2166b5ebf75ed17b211229bc4331316cc956cb9

  • SSDEEP

    12288:88A102o1G4GQTq4OaQQTYJ8eP4/L5uO7D3f5Bxq4ma/QTkJ8ePJ/R5uO7nU26lBI:88ADCG4GQm4OaHYJ8eP4D5uOHBBU4mah

Targets

    • Target

      JaffaCakes118_1b1e707ac0f4a8a0dd7f023a4f49c52d

    • Size

      657KB

    • MD5

      1b1e707ac0f4a8a0dd7f023a4f49c52d

    • SHA1

      b53179eaa722e4d65f37a162af750b60cbfe0ea4

    • SHA256

      e0c7590e086d9cff2133dd4f1300726dd44137a8d2c30d1ca09f6009ff18acd0

    • SHA512

      b00b360568bd037fa9997dc578ea6964a3c45150927c792f36ad558efb4ee7e10262371154ba4eaea85dfb03a2166b5ebf75ed17b211229bc4331316cc956cb9

    • SSDEEP

      12288:88A102o1G4GQTq4OaQQTYJ8eP4/L5uO7D3f5Bxq4ma/QTkJ8ePJ/R5uO7nU26lBI:88ADCG4GQm4OaHYJ8eP4D5uOHBBU4mah

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar sensitive items.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      450753ad96785a240a39deccab3af0d0

    • SHA1

      21c544064d2ffa6444508268ce258a330d459fc5

    • SHA256

      1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3

    • SHA512

      c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab

    • SSDEEP

      12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU

    • Score

      3/10

    • Target

      ffRichMediaViewV1release1506chaction.js

    • Size

      864B

    • MD5

      968796c1e48abf768923ef8df468c67b

    • SHA1

      1c779be25801db688892354e2d581ab285655ac3

    • SHA256

      e58f1c84b3278450b7bb5b7911873625bc0689490156b401ad0a04973b3a7a6e

    • SHA512

      ce27c71433aa35aeda07ae65d94e6f6fa86ce996d45dd2ac3af1bedc8e40c74f07c9d27e2d6e54fab2f39b5edd7c34ea4d630366244fc35ed7ccbd72f4b4d172

    • Score

      3/10

    • Target

      ff/chrome/content/ffRichMediaViewV1release1506.js

    • Size

      765B

    • MD5

      73b9afe94707e0f06e79776bf2627e75

    • SHA1

      e8acc261783138d69ae5360fff850c9c7219a370

    • SHA256

      564df8574ce92417a9117771adb7bbd9199df9f296c053167fe683c3762d9acd

    • SHA512

      673c5a583ae30e362e338a1640aeff35cdc31c95deb511aebe9f67f479a985e223edf3362279f9fa99c1ff26bca2bce28705336d6593a2f31452f1b7fbe374e9

    • Score

      3/10

    • Target

      ff/chrome/content/ffRichMediaViewV1release1506ffaction.js

    • Size

      702B

    • MD5

      13f829a64ff87e0507f81b1b3ff91bed

    • SHA1

      6b4dac36673f9d624551864cb9ed22cb27d68ea8

    • SHA256

      3a094fc806a5734cc02b552b32e256c935d4373757407d2f41b5c548ce0aab31

    • SHA512

      0aeb873437d49a3ff76f858bfbcc78fb788c85c630e7700d4f8d8d796e47f435788258b2237470aebb6e35802611019287ea0cb87cfce983f60d0982b0e5f6a1

    • Score

      3/10

    • Target

      ie/RichMediaViewV1release1506.dll

    • Size

      85KB

    • MD5

      768bea2b8effe7bf7c95ecd19c4ce554

    • SHA1

      04de42ef9fedf8bc83d5f68e7b124a2ca0d2fb92

    • SHA256

      2604428d37042d9417b4db2e5fc48a2705d83199ec7dce457ecf55fe3744b767

    • SHA512

      d43f164fa5a70e8967516984f93175285f65b5bddbb4656d18700f14d43b5a7c9618b78364947a86e94a48ff41eed44abfa72e0e46eca6a49b35cac7c1a88642

    • SSDEEP

      1536:ohMWCsgyMIwP/t6hp1ZcTkrCXVCTfLlQ/vwKS:tWKyMIwP16hp1kVga/vw3

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target

      uninstall.exe

    • Size

      289KB

    • MD5

      3525d3224e9bbcebbf70812d91e418d6

    • SHA1

      5a1f5e722569f37b0f6639ccaf02ec0f76aff795

    • SHA256

      82404218ee51e13dbcdca1d127a05d98791cc7eda2041ea46531d4d15682dfb2

    • SHA512

      05a02034a2fbea0b350461a1797bc17e4e85ecc33c019c57484cfc9057f164da4143954fcc4e6935296be42a7cd7c5b9da9bacbaa4e48cba8351b17dcfe96ae5

    • SSDEEP

      6144:Ue34bQRg4l8ai5PQtTZ763J8eWW43YLYjn5uO7D32fuCa7Bms:qQq4OaQQTYJ8eP4/L5uO7D3f5Bx

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar sensitive items.

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      450753ad96785a240a39deccab3af0d0

    • SHA1

      21c544064d2ffa6444508268ce258a330d459fc5

    • SHA256

      1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3

    • SHA512

      c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab

    • SSDEEP

      12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU

    • Score

      3/10
