140f6d18134e2769c63f1ac6834f79dda4daf5c2e8463faa567ad935eb94bef7 | Triage

Sharing

General

Target

19f96777f45ec0af8bf1733b44942829_JaffaCakes118
Size

910KB
Sample

240628-nr2yhszfpk
MD5

19f96777f45ec0af8bf1733b44942829
SHA1

19c5742302b1c068c93c4db01116cb9c850de888
SHA256

140f6d18134e2769c63f1ac6834f79dda4daf5c2e8463faa567ad935eb94bef7
SHA512

3a6e9a7d7b37a24901f10e088d714903db5a2fee8ee5283e5486193ad62e96b4d17ef1c66052a2ed3553c0c2e46351443a9c07c0bbdd94f2f1947af610787847
SSDEEP

24576:Orq4MCKWh1Le/1igYs+d/noNAbR86S7Vfeu:Hwhoi8o/noNpTVf3

Score

7^/10

adware discovery spyware stealer

Malware Config

Targets

- Target
  
  19f96777f45ec0af8bf1733b44942829_JaffaCakes118
- Size
  
  910KB
- MD5
  
  19f96777f45ec0af8bf1733b44942829
- SHA1
  
  19c5742302b1c068c93c4db01116cb9c850de888
- SHA256
  
  140f6d18134e2769c63f1ac6834f79dda4daf5c2e8463faa567ad935eb94bef7
- SHA512
  
  3a6e9a7d7b37a24901f10e088d714903db5a2fee8ee5283e5486193ad62e96b4d17ef1c66052a2ed3553c0c2e46351443a9c07c0bbdd94f2f1947af610787847
- SSDEEP
  
  24576:Orq4MCKWh1Le/1igYs+d/noNAbR86S7Vfeu:Hwhoi8o/noNpTVf3
Score

7^/10

adware discovery spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  00a0194c20ee912257df53bfe258ee4a
- SHA1
  
  d7b4e319bc5119024690dc8230b9cc919b1b86b2
- SHA256
  
  dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3
- SHA512
  
  3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10
behavioral3 behavioral4
- Target
  
  $R0
- Size
  
  625KB
- MD5
  
  6f1f975788de072cd665f03164be1c63
- SHA1
  
  c78dda52e6999ff3abf6756b3149fd8da95e3f9e
- SHA256
  
  2040f0442c8aef7c4b93b5b4adc75af8fbfd937e9225e13cf875d65906503fc8
- SHA512
  
  edf166a6ca25963f45b2e3ca2139808ae83b9c8c3e421477092001aa39e3c48d319b4d4ac650412cc1d8c4ba722949d237bb23d03726d14d8fec5ffaace98be8
- SSDEEP
  
  12288:iloaqcBXVQhJFHr46AhFgTwjqqvI1agYKzKhXWyVt22BG4SrHE4z8mCl/Lr:WKVZONcPJet2X4SAa8mC5r
Score

6^/10

adware stealer
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral5 behavioral6
- Target
  
  $R2/NSIS.Library.RegTool.v3.$_12_.exe
- Size
  
  6KB
- MD5
  
  9d3774fd43b3240b688cd1c8752b5a89
- SHA1
  
  d009aa63e5611126509bc9f03d664078283c32eb
- SHA256
  
  7a58862a73fb5086521e02d4035922cc82d59aa6df84e158a7cda2dc4a220f13
- SHA512
  
  c33756a0e46d2e08c6febf1149815c97a91e8c80af5f7527a27cc168811a485cd96c005d22206723af6d68b7e1c618650fb47e50e5e5e6a2760d894201f9f9fd
- SSDEEP
  
  96:RpjBD6jwVqfhDJr/cqaSHpbvDf2h61x8GvzbT4:/jBD60Vi9Jr/GmTjYIhvT
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoveryspywarestealer

behavioral2

adwarediscoveryspywarestealer

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8