973176de938bbf50ef01a3f63f3731bd96c0e256e1ebc7a7ad9af2a34ea5fe4a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f0ebc36bda07f8da4e86a1e835ea1495_JaffaCakes118
Size

92KB
Sample

240415-na1n5afc6v
MD5

f0ebc36bda07f8da4e86a1e835ea1495
SHA1

2dc5124fd83780a019e51adcc2aebd0ad64af6dc
SHA256

973176de938bbf50ef01a3f63f3731bd96c0e256e1ebc7a7ad9af2a34ea5fe4a
SHA512

7547f1b90149957c64755bd92cd1002b031c450174a756c83dbf402f89ce82496b09601a2bf393b26a80e0c44238525e0b4de990489cb9794d21e31afa9866be
SSDEEP

1536:SryXJii77NkVK+1nmeR5MA7jbmyzhoNqk4lQdZo9XeYWn2ha2zvztzi:SryXoifNkVpsQmNqkSztzi

Score

7^/10

adware stealer

Malware Config

Targets

- Target
  
  f0ebc36bda07f8da4e86a1e835ea1495_JaffaCakes118
- Size
  
  92KB
- MD5
  
  f0ebc36bda07f8da4e86a1e835ea1495
- SHA1
  
  2dc5124fd83780a019e51adcc2aebd0ad64af6dc
- SHA256
  
  973176de938bbf50ef01a3f63f3731bd96c0e256e1ebc7a7ad9af2a34ea5fe4a
- SHA512
  
  7547f1b90149957c64755bd92cd1002b031c450174a756c83dbf402f89ce82496b09601a2bf393b26a80e0c44238525e0b4de990489cb9794d21e31afa9866be
- SSDEEP
  
  1536:SryXJii77NkVK+1nmeR5MA7jbmyzhoNqk4lQdZo9XeYWn2ha2zvztzi:SryXoifNkVpsQmNqkSztzi
Score

7^/10

adware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2