47956348c95fc18492263d5dafb3433b725357c6c6bdd38f76987d03bc8855e6 | Triage

Sharing

General

Target

0d1c7ecc0629882d0268f6e7221f26e1_JaffaCakes118
Size

213KB
Sample

240625-hrw5daydrq
MD5

0d1c7ecc0629882d0268f6e7221f26e1
SHA1

10f8de4be8188062680f124ea98c10ec4126382f
SHA256

47956348c95fc18492263d5dafb3433b725357c6c6bdd38f76987d03bc8855e6
SHA512

fd3564b63c6594f638ea713c91b840c52cae6177791a65f05411e4c6df508c156d9cee7d7462fbb46b5fd938a2d8f2926be449699bca970dade370e93a1f7895
SSDEEP

6144:AJfMKibIHQuwqk20Ii55die8A9+n0xiUsN0:2MNbIXwqWIC5AXH0BsN0

Score

7^/10

adware stealer

Malware Config

Targets

- Target
  
  0d1c7ecc0629882d0268f6e7221f26e1_JaffaCakes118
- Size
  
  213KB
- MD5
  
  0d1c7ecc0629882d0268f6e7221f26e1
- SHA1
  
  10f8de4be8188062680f124ea98c10ec4126382f
- SHA256
  
  47956348c95fc18492263d5dafb3433b725357c6c6bdd38f76987d03bc8855e6
- SHA512
  
  fd3564b63c6594f638ea713c91b840c52cae6177791a65f05411e4c6df508c156d9cee7d7462fbb46b5fd938a2d8f2926be449699bca970dade370e93a1f7895
- SSDEEP
  
  6144:AJfMKibIHQuwqk20Ii55die8A9+n0xiUsN0:2MNbIXwqWIC5AXH0BsN0
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  12KB
- MD5
  
  29459d9ee2bce32ed937fb1f965f9d5e
- SHA1
  
  8fff45ed45f3af8f8c248eba9a1c02c9c5fc911d
- SHA256
  
  ad07968b7d93ef19e10e1deb52e0c912e96dde30c0a49a0239daf176fd4c9ef5
- SHA512
  
  d4ef4eadb0f53e7086a1d242bf7f745ad79d83d9ecbfaa283cf0dd499271a804589a575040bb20d5c98e86197cc65ca05ab1a358c556ea82a3e297d0255015a6
- SSDEEP
  
  384:oKlm7i+c3QW6ckPhyDEaLnH2bbBBIXwZ:dqi8BcyhEhLWbbTI
Score

3^/10
behavioral3 behavioral4
- Target
  
  ActivationManager.dll
- Size
  
  316KB
- MD5
  
  6164c416ee87de9bc94d0959659ef008
- SHA1
  
  af826744ae550ac12e28652804c4a4c7abb1c370
- SHA256
  
  6201f6aa6ab2fa18892b0f5dea9d3146555edb3e05f7a0bb70fb6cb75ccc8536
- SHA512
  
  e0695f1b86fa6ab6b54cc099ae832e5b9599ec82d5805790601cdc5aa4e64c472ad96b9c03f88935bd73d55423efd03f4400bd2e6b76fdc289ddf7f3b23d6085
- SSDEEP
  
  6144:/CyTvLSsI305lHe5inMTLBv+3IC3UMOHfJ8jgiMVBbrxR8r90n6F3jPWS:K0SsI305lHe5inMTLBv+3IUcacDL7k9B
Score

6^/10

adware stealer
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral5 behavioral6
- Target
  
  Uninstall.exe
- Size
  
  61KB
- MD5
  
  0690952cd68ba63fbe8c2d6c9907ff8b
- SHA1
  
  28a37eefbdc32d20db29b3c9d1bf1bd6f37906bd
- SHA256
  
  2eb18b817141486dcb462a29b98490987f7d6be1f01c8d6f1ceb9e1c9be120ab
- SHA512
  
  958b3827dfa2d3f103a5038a2bd1ea837e0c3d1fc8bae5262c524fc702e96848cdff4f1b0e653af8ea7d931d0db01e1bd7118b8e735e8ddc925695327318a439
- SSDEEP
  
  1536:zUqBWUSFNrdN90DukJdqAELVig9LlLaLEYdVN25+Qw:AGW3B+DukJMAI0QLsNzQw
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/KillProcDLL.dll
- Size
  
  32KB
- MD5
  
  83142eac84475f4ca889c73f10d9c179
- SHA1
  
  dbe43c0de8ef881466bd74861b2e5b17598b5ce8
- SHA256
  
  ae2f1658656e554f37e6eac896475a3862841a18ffc6fad2754e2d3525770729
- SHA512
  
  1c66eab21f0c9e0b99ecc3844516a6978f52e0c7f489405a427532ecbe78947c37dac5b4c8b722cc8bc1edfb74ba4824519d56099e587e754e5c668701e83bd1
- SSDEEP
  
  384:3rYz6grZodORNWATt4TBmlk5ooyzFh7BukAUdJoUtSOSR:3QggDWATWNCFh7BNddJoxO+
Score

3^/10
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10