General

  • Target: JaffaCakes118_1c66760117459bd605bdcc6af8dfefe7
  • Size: 657KB
  • Sample: 250704-vj15ksbm5w
  • MD5: 1c66760117459bd605bdcc6af8dfefe7
  • SHA1: e5dee8af5ee02467c52fc0457af6c42c03e7fd8a
  • SHA256: c4150d7bc08e91b702afcb15dd7761217a74807714ea6cca3c3520b708de2974
  • SHA512: 86a1e0bc7b915354b87204c84893c3165747284115c64b8a96fdf5df3490c3568a17ee1a31d825ced15fde50ceb81245c43cf88b56052b4796b6189989f21886
  • SSDEEP: 12288:LuGFBEeylUZG4GQTq4OaQQTYJ8eP4/L5uO7D3f5Bjq4GanQTcJ8ePx/Z5uO7dAp5:Luc/G4GQm4OaHYJ8eP4D5uOHBB24GamN

Malware Config

Targets

    • Target: JaffaCakes118_1c66760117459bd605bdcc6af8dfefe7
    • Size: 657KB
    • MD5: 1c66760117459bd605bdcc6af8dfefe7
    • SHA1: e5dee8af5ee02467c52fc0457af6c42c03e7fd8a
    • SHA256: c4150d7bc08e91b702afcb15dd7761217a74807714ea6cca3c3520b708de2974
    • SHA512: 86a1e0bc7b915354b87204c84893c3165747284115c64b8a96fdf5df3490c3568a17ee1a31d825ced15fde50ceb81245c43cf88b56052b4796b6189989f21886
    • SSDEEP: 12288:LuGFBEeylUZG4GQTq4OaQQTYJ8eP4/L5uO7D3f5Bjq4GanQTcJ8ePx/Z5uO7dAp5:Luc/G4GQm4OaHYJ8eP4D5uOHBB24GamN

    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence.
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials etc.
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.
    • Installs/modifies Browser Helper Object
      BHOs are DLL modules which act as plugins for Internet Explorer.
    • Drops file in System32 directory

    • Target: $PLUGINSDIR/aminsis.dll
    • Size: 567KB
    • MD5: 450753ad96785a240a39deccab3af0d0
    • SHA1: 21c544064d2ffa6444508268ce258a330d459fc5
    • SHA256: 1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3
    • SHA512: c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab
    • SSDEEP: 12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU

    Score: 3/10
    • Target: ffRichMediaViewV1release505chaction.js
    • Size: 859B
    • MD5: 3a394a085fa3d7316efbcd5f29e7fc7e
    • SHA1: 71ce64f849a8f2feec13cc9f0b588273d0013b46
    • SHA256: ced383fa506cd328cb658c1ed3b2708260c786a6e2ee27cf989907338ecbdd96
    • SHA512: 580744a86d72a40aeeaaa56c48af3d6557db2721acf66c0c7f314ed3cceb6358cb0c4c153e058135b7010190bb71e10dc8e2d91b6b306844dea9da3a3454aa83

    Score: 3/10
    • Target: ff/chrome/content/ffRichMediaViewV1release505.js
    • Size: 762B
    • MD5: 1a0f546e400021e3c571c5dda6f82c1d
    • SHA1: 7e6aff02a3f64481dbf1fd14494ef8ffd9210ef4
    • SHA256: e8201ae3019e4de29fe519d48dcd0af030c7101bddd0001c4e5343db4e58a214
    • SHA512: d4e5ba852ad759081cf2d4c2a8d1e4fb7855fc9b6692b0d6da5c457933d5fa91ffb7e0c062ac9e32dc07edf9b50053efcab49383e2fde9cb4367b610c4a3341a

    Score: 3/10
    • Target: ff/chrome/content/ffRichMediaViewV1release505ffaction.js
    • Size: 698B
    • MD5: d4a9618234d02822ea65f13ed4ff1ffe
    • SHA1: 194f9a438a1d7fc0e15e100c6589dbb351b3aec2
    • SHA256: f1f68d9605117e90eb5e06e5b845dac1f8357ef6593c9fc1f84f1010e1c0d9e8
    • SHA512: 63c5f1e1658d315e71b6fe1527c65c7188dad180158a42feeb5984e723c0afc67ae4050f9067d900f0c127b887f5b5f25600b857ff1541715cb3af77897eae05

    Score: 3/10
    • Target: ie/RichMediaViewV1release505.dll
    • Size: 85KB
    • MD5: d5c1122b15ecc4c61c786ff0071647b6
    • SHA1: c15fdf33bf077e6ce9d04c5298301c73c053f56b
    • SHA256: 746e7c5f976b333af0f52973b0fb4734cfe8ca9969f0f664c432c47854a1d33e
    • SHA512: 960e090282c7d90dc0e158a8aab8a7e324f8760ca0f08811cf218765c8135b686f5f5cf908c13633fba2afc9577445c5e74bafec315edfd7455b3220a6c6c1f0
    • SSDEEP: 1536:akf9Csc+EE7Msd5N60GlVk8jkrwYNnqLhPLlQHrgtBZ:N9++EEwsJ6FlVYNnmaHrg9

    • Installs/modifies Browser Helper Object
      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target: uninstall.exe
    • Size: 289KB
    • MD5: 56a3872e43cc3d9a5ee00a4c0bc74300
    • SHA1: b02ca4c97e11326ee574488780c3cf8cb7c6010f
    • SHA256: c3b9ba3cc53c43795773757351375e59625abc86475422574b26a42d660809ef
    • SHA512: 8d2d0e366e1a47e8e4686e18edc648aa0fac125438921079853cd9a4f7bdb66e44566405ca3e2813936bed8512638da3a36b17d085876f3552c40a42f04619b8
    • SSDEEP: 6144:Ue348jRg4l8ai5PQtTZ763J8eWW43YLYjn5uO7D32fuCa7BmK:Rjq4OaQQTYJ8eP4/L5uO7D3f5Bz

    • Executes dropped EXE
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials etc.

    • Target: $PLUGINSDIR/aminsis.dll
    • Size: 567KB
    • MD5: 450753ad96785a240a39deccab3af0d0
    • SHA1: 21c544064d2ffa6444508268ce258a330d459fc5
    • SHA256: 1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3
    • SHA512: c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab
    • SSDEEP: 12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU

    Score: 3/10

MITRE ATT&CK Enterprise v16

Tasks