20802dbd7a6399c0788d2a99ea9cfb299b3d5b4fc27268ee4d3cdad3b78f3959 | Triage

Sharing

General

Target

6dab619d97eafee6e9fc1e9748c2fab9_JaffaCakes118
Size

1.7MB
Sample

240524-hrev4ahb5s
MD5

6dab619d97eafee6e9fc1e9748c2fab9
SHA1

3d6f68d73e691444dfe234638886a0acfc833930
SHA256

20802dbd7a6399c0788d2a99ea9cfb299b3d5b4fc27268ee4d3cdad3b78f3959
SHA512

00a57788b33d2480c85bdfa3fbb8abd919fc9cf3525b22ed813c4c7f6ec9a258a82b4617b1dee906907278eecf06895211143729ac19be0f2aeaf8b4611e7ad5
SSDEEP

49152:PQj/ZAP3uTKI7QMh2X1vg3pfHRYh3/Ph3gExTEc5V7F74P:PQjSv+KsQMh2lvg3ppw1g7c/Z74P

Score

7^/10

adware discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  6dab619d97eafee6e9fc1e9748c2fab9_JaffaCakes118
- Size
  
  1.7MB
- MD5
  
  6dab619d97eafee6e9fc1e9748c2fab9
- SHA1
  
  3d6f68d73e691444dfe234638886a0acfc833930
- SHA256
  
  20802dbd7a6399c0788d2a99ea9cfb299b3d5b4fc27268ee4d3cdad3b78f3959
- SHA512
  
  00a57788b33d2480c85bdfa3fbb8abd919fc9cf3525b22ed813c4c7f6ec9a258a82b4617b1dee906907278eecf06895211143729ac19be0f2aeaf8b4611e7ad5
- SSDEEP
  
  49152:PQj/ZAP3uTKI7QMh2X1vg3pfHRYh3/Ph3gExTEc5V7F74P:PQjSv+KsQMh2lvg3ppw1g7c/Z74P
Score

7^/10

adware discovery persistence spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Registers COM server for autorun
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverypersistencespywarestealer

behavioral2

adwarediscoverypersistencespywarestealer