General

  • Target: 26b6571b39536bac02d5665ee44c8385_JaffaCakes118
  • Size: 10.1MB
  • Sample: 240704-3yr48aygmf
  • MD5: 26b6571b39536bac02d5665ee44c8385
  • SHA1: f7641040e7bdc94838625870623584f44834e457
  • SHA256: bb0caa1e5d9739afd8e214d4feee198688a2c08d5fb6655e6be33c2432d15422
  • SHA512: b08b7b5b01b0665f76289302bfdb0073d139b8cd4f692723091ca362dbb05870d5f8d9fa9a180db7d53820b7252eadd2df0586cdd90a01843bdd041110e6bb20
  • SSDEEP: 196608:H0efLsLDD4msXHx9BLk9uTbZ5KPAMTWJkUvG5uANKfaH/LV95/:HJfLsT4msB9BL6uTbZ5KoMiJH6u6vd

Malware Config

Targets

    • Target: inst_ymsgr8us.exe
    • Size: 10.1MB
    • MD5: 2bf5d21c3e64c07c6bf0689152e45b4f
    • SHA1: ca3a715dcb5174fcc19e46a36d7a9502c86e7578
    • SHA256: c195918122161f4386220f088a712e5c85d34626b21bce5b6fb5587356aef83a
    • SHA512: 4e5f0b2abcf8cdba7ae131d36b26fba09f81b95ac2245cb2a7ca4e6d308a4f3866b4aebfc8cd045d31b65f7cd550a7ffec43a0530be169d2e49d0e2265e546cf
    • SSDEEP: 196608:E7sSVNctnXOWYLbLff3658vHHVOdKwRQ3QYxK9aEDsnGzXdJx5V:E75VNcBOWYzff3a8vHHVOswm3jOaExj

    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence.
    • Executes dropped EXE
    • Loads dropped DLL
    • Adds Run key to start application
    • Installs/modifies Browser Helper Object
      BHOs are DLL modules which act as plugins for Internet Explorer.
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks