General

  • Target

    JaffaCakes118_1b27c24a5d7f74cdded69c5ea5f49c76

  • Size

    634KB

  • Sample

    250630-zd4qqsgl6z

  • MD5

    1b27c24a5d7f74cdded69c5ea5f49c76

  • SHA1

    08cba8dab94b6f3e3629099c3cc5295ee809f285

  • SHA256

    1d1b4c38efe40cff4582aeb0da19895a65fd5370f21bae11ac2098f2b7db93bb

  • SHA512

    a224feb870e158afd261619e7504005b81d634fe904ec53d4b5024623c0bf5f2a7a7497bfae7f38015ca0bda3fe67bfa1adb68a1311a85c0021e8042de733e7c

  • SSDEEP

    12288:DMhiyQG4GjeZHkwuPikQ7lKH5p5H9x1GeZHkwuLi5QhlKL5pyCsQzdjVWA:DM6G4GjeZEXi37l6Br1GeZEjiuhl4qCx

Malware Config

Targets

    • Target

      JaffaCakes118_1b27c24a5d7f74cdded69c5ea5f49c76

    • Size

      634KB

    • MD5

      1b27c24a5d7f74cdded69c5ea5f49c76

    • SHA1

      08cba8dab94b6f3e3629099c3cc5295ee809f285

    • SHA256

      1d1b4c38efe40cff4582aeb0da19895a65fd5370f21bae11ac2098f2b7db93bb

    • SHA512

      a224feb870e158afd261619e7504005b81d634fe904ec53d4b5024623c0bf5f2a7a7497bfae7f38015ca0bda3fe67bfa1adb68a1311a85c0021e8042de733e7c

    • SSDEEP

      12288:DMhiyQG4GjeZHkwuPikQ7lKH5p5H9x1GeZHkwuLi5QhlKL5pyCsQzdjVWA:DM6G4GjeZEXi37l6Br1GeZEjiuhl4qCx

    • Checks computer location settings

Looks up the country code configured in the registry, most likely to geofence execution so the payload only runs (or refuses to run) in particular regions.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

Infostealers commonly target stored browser data, which can include saved credentials, cookies and session tokens, autofill data and browsing history.

    • Checks installed software on the system

Enumerates the subkeys of the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its Wow6432Node view and the HKCU counterpart) to list the software installed on the system, for example to find security products or previously installed copies.

    • Installs/modifies Browser Helper Object

BHOs are DLLs that Internet Explorer loads into its own process at start-up, registered by CLSID under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects. Because they run inside the browser they can observe and modify every page and request, which makes them a classic adware and traffic-hijacking vehicle.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      559KB

    • MD5

      51ba1095f0ae45a2d444bea506cb9ad4

    • SHA1

      038a5d53d055a6d440bd2c8864c2f51db206c5e5

    • SHA256

      b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539

    • SHA512

      f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361

    • SSDEEP

      12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN

    • Score

      3/10
    • Target

      ffMediaWatchV1home595chaction.js

    • Size

      829B

    • MD5

      72612cea66f61da3f48e76f42f415da5

    • SHA1

      f22152179ae7742a3faa6f4c56625912bc1ae9e6

    • SHA256

      5c4cb1e1971bdff72ffd7950a84f8995aed43aad6e4becb614382cd3a9e3a9da

    • SHA512

      94bf941637ad0f977735badb8d79ac4e30bab7b9672d29b066d4dbd4c146d7f250502bbf5c5d15c9d2a9a4d470af2e3e895844bcc21eed6c6ea9ffffe8301334

    • Score

      3/10
    • Target

      ff/chrome/content/ffMediaWatchV1home595.js

    • Size

      744B

    • MD5

      12b0692e59f52133ebf3a6e55fc34559

    • SHA1

      581413f83e25bb6af58c09d77e219f21ee53443b

    • SHA256

      d1d16d4b2dc27cc8485b055051b1021f43330df8edfed6975bf62edba5e58079

    • SHA512

      e7a68e885c2f64c7557f4415794e2670eada6fea8c2e6baf19c3b278ca110abc2ce3f28d340a5a17ef7663c255e51a805a55679a6c9e826fd61f93002cd690fe

    • Score

      3/10
    • Target

      ff/chrome/content/ffMediaWatchV1home595ffaction.js

    • Size

      674B

    • MD5

      816fa87d1bf3fef072e5a2c76cca08e8

    • SHA1

      20375b553b8c1d0c6a83f4f8aa1889d666e3070e

    • SHA256

      49925b1740d1eb6e6b03c4914affdb3aa7c58775e35689fa56f2f351c2538335

    • SHA512

      28c1c14947d39dae65fbcd9964c3c764026616768ee91c5fd33aa3647b5930e919dbf1498afe01b7ed92a237062b89f592b252722c6c992be112e9abdde98c17

    • Score

      3/10
    • Target

      ie/MediaWatchV1home595.dll

    • Size

      85KB

    • MD5

      5b02a10bddb961979bbfffcd32a21e94

    • SHA1

      2c551394f6a79a11dc6fb09887e911bb7c54573e

    • SHA256

      0e220e2207c71f6a30713a8ba35f405822221bc55b1b2a4ac4f97d4e4347dea9

    • SHA512

      71b8fe269152977f5703ba6bf2cf28bdeb7c21301108c81d64d192d38ffd24424229e3629b31464428930806a76e51b1282c2d173f82e0472b08f04457a13452

    • SSDEEP

      1536:hn/1CsEmkaMAXtahrOb8DktliHA9glQ0xwJ1:B12mkaMA9ahrOligua0xo

    • Installs/modifies Browser Helper Object

BHOs are DLLs that Internet Explorer loads into its own process at start-up, registered by CLSID under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects; this dropped DLL is the component that gets registered.

    • Target

      uninstall.exe

    • Size

      285KB

    • MD5

      a56142205f77d6bc7342f79b20611512

    • SHA1

      bfe57ba7b6c529e0f9138bce597893e271e79a3d

    • SHA256

      1ffd057a7dc233d1f33e2af73ffaa237035f37ead29787f6e71c7170170ef257

    • SHA512

      061db6874028876c7c4db6a7b8b00a4a7390851f1f76ebc2856d416553a7fdd20520d74a67035580647632501b57edab8d0371049578977db53e1229b7de3618

    • SSDEEP

      6144:Ee34kXpeZH+zpyuuz6GZkDOJ/7OafSH5KmrWym09x1p:R5eZHkwuPikQ7lKH5p5H9x1p

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

Infostealers commonly target stored browser data, which can include saved credentials, cookies and session tokens, autofill data and browsing history.

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      559KB

    • MD5

      51ba1095f0ae45a2d444bea506cb9ad4

    • SHA1

      038a5d53d055a6d440bd2c8864c2f51db206c5e5

    • SHA256

      b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539

    • SHA512

      f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361

    • SSDEEP

      12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN

    • Score

      3/10
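The report lists four host-side behaviours that can be checked directly on a suspect machine: a registered Browser Helper Object, enumeration of the Uninstall key, a registry country-code lookup, and files dropped under %TEMP% and System32. The script below is an added triage example and is not part of the sandbox output. The registry locations it reads are the documented Windows ones; the SHA256 values are copied from the report above. The search roots, the "MediaWatch" name filter (taken from the dropped-file names) and the reading that the ff\ files belong to a Firefox extension payload are assumptions to adapt to your environment.

```powershell
# Added host-triage script for the behaviours in this report (not part of the
# sandbox output). Run from an elevated PowerShell 5.1+ session on the host
# under investigation. Registry paths are the documented Windows locations;
# $SearchRoots and the 'MediaWatch' name filter are assumptions drawn from the
# dropped-file names in the report.

# SHA256 values copied from the report (parent sample and dropped files).
$KnownSha256 = @{
    '1d1b4c38efe40cff4582aeb0da19895a65fd5370f21bae11ac2098f2b7db93bb' = 'JaffaCakes118_1b27c24a5d7f74cdded69c5ea5f49c76'
    'b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539' = '$PLUGINSDIR/aminsis.dll'
    '0e220e2207c71f6a30713a8ba35f405822221bc55b1b2a4ac4f97d4e4347dea9' = 'ie/MediaWatchV1home595.dll'
    '1ffd057a7dc233d1f33e2af73ffaa237035f37ead29787f6e71c7170170ef257' = 'uninstall.exe'
    '5c4cb1e1971bdff72ffd7950a84f8995aed43aad6e4becb614382cd3a9e3a9da' = 'ffMediaWatchV1home595chaction.js'
    'd1d16d4b2dc27cc8485b055051b1021f43330df8edfed6975bf62edba5e58079' = 'ff/chrome/content/ffMediaWatchV1home595.js'
    '49925b1740d1eb6e6b03c4914affdb3aa7c58775e35689fa56f2f351c2538335' = 'ff/chrome/content/ffMediaWatchV1home595ffaction.js'
}

# Returns the report name for a file whose SHA256 is in the table, else $null.
function Test-KnownHash([string]$Path) {
    if (-not $Path -or -not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $null }
    $h = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLower()
    if ($KnownSha256.ContainsKey($h)) { return $KnownSha256[$h] }
    return $null
}

# 1. Browser Helper Objects. IE loads every CLSID registered under these keys;
#    the DLL path is the default value of the CLSID's InprocServer32 key.
function Get-RegisteredBho {
    $bhoKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
               'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    $clsidRoots = 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID'
    foreach ($key in $bhoKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($entry in Get-ChildItem $key) {
            $clsid = $entry.PSChildName
            foreach ($root in $clsidRoots) {
                $inproc = Join-Path $root "$clsid\InprocServer32"
                if (-not (Test-Path $inproc)) { continue }
                $dll = (Get-ItemProperty $inproc).'(default)'
                if (-not $dll) { continue }
                $dll = [Environment]::ExpandEnvironmentVariables($dll)
                [pscustomobject]@{ Check = 'BHO'; Clsid = $clsid; Path = $dll; ReportMatch = Test-KnownHash $dll }
            }
        }
    }
}

# 2. Uninstall entries. The sample enumerated this key; the name filter assumes
#    a persistent install of the bundle would register its own entry here.
function Get-SuspectUninstallEntry([string]$NamePattern = 'MediaWatch') {
    $uninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
                     'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
                     'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
    foreach ($key in $uninstallKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($entry in Get-ChildItem $key) {
            $p = Get-ItemProperty $entry.PSPath
            if ("$($p.DisplayName) $($p.UninstallString)" -notmatch $NamePattern) { continue }
            # Strip quotes and arguments so the uninstaller binary itself can be hashed.
            $exe = ($p.UninstallString -replace '^\s*"([^"]+)".*$', '$1') -replace '^\s*(\S+\.exe).*$', '$1'
            [pscustomobject]@{ Check = 'Uninstall'; Name = $p.DisplayName; Path = $exe; ReportMatch = Test-KnownHash $exe }
        }
    }
}

# 3. The value a registry geofence reads: the user's GeoID under
#    Control Panel\International\Geo (Nation is the numeric id, Name the
#    ISO code on Windows 10+). Compare with the sandbox locale when a sample
#    appears to do nothing.
function Get-UserGeo {
    $geo = Get-ItemProperty 'HKCU:\Control Panel\International\Geo' -ErrorAction SilentlyContinue
    [pscustomobject]@{ Check = 'GeoID'; Nation = $geo.Nation; Name = $geo.Name }
}

# 4. Hash sweep for the dropped files. Roots are an assumption: $PLUGINSDIR and
#    uninstall.exe are characteristic of NSIS installers, which unpack to %TEMP%;
#    the report notes a drop in System32; the ff\ files look like a Firefox payload.
function Find-KnownFile {
    $SearchRoots = "$env:TEMP", "$env:ProgramFiles", "${env:ProgramFiles(x86)}",
                   "$env:APPDATA\Mozilla", "$env:SystemRoot\System32" | Where-Object { $_ }
    Get-ChildItem -Path $SearchRoots -Recurse -File -Include *.dll, *.exe, *.js -ErrorAction SilentlyContinue |
        ForEach-Object {
            $m = Test-KnownHash $_.FullName
            if ($m) { [pscustomobject]@{ Check = 'Hash'; Path = $_.FullName; ReportMatch = $m } }
        }
}

Get-RegisteredBho
Get-SuspectUninstallEntry
Get-UserGeo
Find-KnownFile
```

A BHO row with a non-empty ReportMatch, or any Hash row, ties the host directly to this sample; a BHO whose Path points into a user-writable directory is worth pulling even when its hash differs, since repacked builds of the same bundle change hashes but not the registration mechanism. The System32 sweep is recursive and slow on a full host; drop it from $SearchRoots or hash only the top level if you are triaging many machines.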

MITRE ATT&CK Enterprise v16

Tasks