General

  • Target

    019b9a8a7ddb01c484bfcea7bc2ed9f2_JaffaCakes118

  • Size

    1.4MB

  • Sample

    240426-zb1lasbf63

  • MD5

    019b9a8a7ddb01c484bfcea7bc2ed9f2

  • SHA1

    93254b370bcc8d01f13c7d53addc219fd685fe13

  • SHA256

    2417cbbd8b26d8278d90e73b653d756d4159117a92ca2e519f80df8a9b4fd04a

  • SHA512

    d377c6e45eb441a4756e80d4e9b569d10e0e8b820a2029ae5b4b5eedb97fdadd4dcf3609823778f008e24405a282b900dc2e44c3e7632adfc581e82a28b651a7

  • SSDEEP

    24576:qXql1zqNGTlWbNDjqMx0XVNw7zsceeZkv9+oCDKDIAeYrRGEG:qXql12uWBDjqpXVsBpZkF+oTDbeYrRTG

Malware Config

Targets

    • Target

      019b9a8a7ddb01c484bfcea7bc2ed9f2_JaffaCakes118

    • Size

      1.4MB

    • MD5

      019b9a8a7ddb01c484bfcea7bc2ed9f2

    • SHA1

      93254b370bcc8d01f13c7d53addc219fd685fe13

    • SHA256

      2417cbbd8b26d8278d90e73b653d756d4159117a92ca2e519f80df8a9b4fd04a

    • SHA512

      d377c6e45eb441a4756e80d4e9b569d10e0e8b820a2029ae5b4b5eedb97fdadd4dcf3609823778f008e24405a282b900dc2e44c3e7632adfc581e82a28b651a7

    • SSDEEP

      24576:qXql1zqNGTlWbNDjqMx0XVNw7zsceeZkv9+oCDKDIAeYrRGEG:qXql12uWBDjqpXVsBpZkF+oTDbeYrRTG

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Registers COM server for autorun

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops Chrome extension

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

MITRE ATT&CK Matrix (ATT&CK v13)

Each entry lists the technique, its ATT&CK ID and the number of matching behaviours observed.

Persistence

    • Boot or Logon Autostart Execution (T1547): 1

    • Registry Run Keys / Startup Folder (T1547.001): 1

    • Browser Extensions (T1176): 1

Privilege Escalation

    • Boot or Logon Autostart Execution (T1547): 1

    • Registry Run Keys / Startup Folder (T1547.001): 1

Defense Evasion

    • Modify Registry (T1112): 3

Credential Access

    • Unsecured Credentials (T1552): 1

    • Credentials In Files (T1552.001): 1

Discovery

    • Query Registry (T1012): 1

Collection

    • Data from Local System (T1005): 1

Tasks