General

  • Target

    JaffaCakes118_1c81cb14076cb5249794d4e060466d9d

  • Size

    657KB

  • Sample

    250704-x4yw3ayjs5

  • MD5

    1c81cb14076cb5249794d4e060466d9d

  • SHA1

    d0c5d4d69fe92fa31ef9fe092ffc719dce0135db

  • SHA256

    f3fd39c48d1d3295a16db35edd8cd7dd371f7315442978dfbf5ba1a03b6c052a

  • SHA512

    3bdc40d3821635f76e4b6d0b3fa58cf7b96b42dcbd847a79e1262676bc8c121224a9c16d8e7b00f73feb00c4f92d84ad8edb74bfe7985f775eb8ca9f3a645bca

  • SSDEEP

    12288:fuuGcmG4GQTq4OaQQTYJ8eP4/L5uO7D3f5B7q4WarQTwJ8ePB/p5uO71U26eBa:fu1cmG4GQm4OaHYJ8eP4D5uOHBBO4Wag

Targets

    • Target

      JaffaCakes118_1c81cb14076cb5249794d4e060466d9d

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      450753ad96785a240a39deccab3af0d0

    • SHA1

      21c544064d2ffa6444508268ce258a330d459fc5

    • SHA256

      1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3

    • SHA512

      c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab

    • SSDEEP

      12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU

    • Score

      3/10

    • Target

      ffRichMediaViewV1release3501chaction.js

    • Size

      864B

    • MD5

      f84e41cdce8f24efbe18167392871926

    • SHA1

      f3a0aa65fcbfaf45468af47a1936daa2d76eaf28

    • SHA256

      3cb4e5c3c5679bbb59b8c8ec0c64ffc554299be7d7fa2ec80fc7e0698e8af29f

    • SHA512

      700d405de67fef276e96e906fdbde0ffe3af816f8da45fbde2807b36d7ac830157c9c598a5dd635cee055fe648ed00906680deda402d2cbd6cfdce3c180acb35

    • Score

      3/10

    • Target

      ff/chrome/content/ffRichMediaViewV1release3501.js

    • Size

      765B

    • MD5

      a460dd1326d358f9934bcee5eff4c26b

    • SHA1

      324ea5c2e887b91da331393876d08f09b5be21d5

    • SHA256

      62bacd4ea3ff8db9763d956fa201efba856c4defe44e51fd7b7b1946098ed213

    • SHA512

      295f1371ab96aa90fcdf9c9bc830d78edbff962270e1f4aa27cef21249af1c8c1f7a1afede9a62fb663ba44554a7cf6f6d680dd443130bf6832d7aacaa18a8da

    • Score

      3/10

    • Target

      ff/chrome/content/ffRichMediaViewV1release3501ffaction.js

    • Size

      702B

    • MD5

      4a83c39074cc570e02651cba35304893

    • SHA1

      07fa7de9f54513688d21a58dec8fb8b8844d8d40

    • SHA256

      ff8f781242170c1e3309b13ed5408c7182bad4e255b133bc28ff0170b13353cf

    • SHA512

      9664e095aa597d948ebb62f2ceef2b0ef70a6054f6a13836686f84b15c7b6c3f5abea612f82e99828e37e87f5e6e224c8221c9666594929fbba5ad49678ff183

    • Score

      3/10

    • Target

      ie/RichMediaViewV1release3501.dll

    • Size

      85KB

    • MD5

      9318307e11fd7e77eebccac4b0478f2e

    • SHA1

      3ba3229c5717316ec93897c8bed9a713ea4bc6f3

    • SHA256

      0032727d396ea2f7931437621ce02c48e012b581a4a4341f287f861615192464

    • SHA512

      597026da17d0d5ec25446912d6d349a3824108fe43505a5cebaa0960e390fc110cf4d2f338beb33ef4e2f4a5a3a45d5ea20d59c5bae947a61e4b58f90bf65229

    • SSDEEP

      1536:PhMWCsgyMIwP/t6hp1ZcTkrCdsCTfLlQvJWKS:mWKyMIwP16hp16sgavJW3

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target

      uninstall.exe

    • Size

      289KB

    • MD5

      8c9fedb9f9ce3b1ae37a7e6427baa1a9

    • SHA1

      f7d5647d707ab402e52c4367d536dfe464fa717c

    • SHA256

      a41fe5537952849b83495eb2345db8180e5021fb23815f76ab3167d5a5021e6c

    • SHA512

      be3f19ecbba756e803d64e98e32cebf6654fb7cddf68866239ada377d867d39d9b3e2f9ed741d6922e23fd500fe3944ebe7e0d42952e1aae6d46a974f81e7f93

    • SSDEEP

      6144:Ue34gERg4l8ai5PQtTZ763J8eWW43YLYjn5uO7D32fuCa7Bmd:lEq4OaQQTYJ8eP4/L5uO7D3f5Bg

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.
