47ffb920fceccd76781e0b05fdf7782bd79077966935cefa93ecaba606217fea | Triage

Sharing

General

Target

2556f32e581ce57bc019fe8c9dd22af9_JaffaCakes118
Size

361KB
Sample

240704-ksvztavgqf
MD5

2556f32e581ce57bc019fe8c9dd22af9
SHA1

a014297528533c3766fbf6dc66c19545f03ad874
SHA256

47ffb920fceccd76781e0b05fdf7782bd79077966935cefa93ecaba606217fea
SHA512

7f166a4a83d9b4148d2c4983d10b3099b2dcd33eca54cad6821da44d2dc3a19bbbc4f792f9bec6f8a526fa88f204d4d4ebe22fbf3e40d4b8751295846099c928
SSDEEP

6144:WX0pFWpLmRK8GV3aIllFdgfW9fO1Mg8LamHH5hMs/XzCgPqTWLLtbjZaqi:PWpLhV3HjFCfqfELF6HssPzCgPqTWLLC

Score

7^/10

adware discovery stealer

Malware Config

Targets

- Target
  
  2556f32e581ce57bc019fe8c9dd22af9_JaffaCakes118
- Size
  
  361KB
- MD5
  
  2556f32e581ce57bc019fe8c9dd22af9
- SHA1
  
  a014297528533c3766fbf6dc66c19545f03ad874
- SHA256
  
  47ffb920fceccd76781e0b05fdf7782bd79077966935cefa93ecaba606217fea
- SHA512
  
  7f166a4a83d9b4148d2c4983d10b3099b2dcd33eca54cad6821da44d2dc3a19bbbc4f792f9bec6f8a526fa88f204d4d4ebe22fbf3e40d4b8751295846099c928
- SSDEEP
  
  6144:WX0pFWpLmRK8GV3aIllFdgfW9fO1Mg8LamHH5hMs/XzCgPqTWLLtbjZaqi:PWpLhV3HjFCfqfELF6HssPzCgPqTWLLC
Score

7^/10

adware discovery stealer
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/NSISdl.dll
- Size
  
  14KB
- MD5
  
  997ae296af5b7ca9aaa52f6844075439
- SHA1
  
  9814f0b09219ac2eed875d842b9362c3b32bec6f
- SHA256
  
  1d74275fb0ddcb7c01a92c4ea5c7ef137cdfa0b48ae2b293f0ea178b355cbaa8
- SHA512
  
  a81ee17129278a185e91f6615da2d9e47940580fcaac3806ace17a0c0e48995f8e85de6deedcec502782141acd381fb7dd1c72a93fcd40112afadc3741572349
- SSDEEP
  
  192:u4lsN55M8r67wmsvJI5a299sfoG8I+WhPB3RY+h/G3DNl/qYcVp/126gszA:uysdM80dCI5a2LsQ5IlPNRY00AlACU
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  32465a07028b927b22c38e642c2cb836
- SHA1
  
  309cac412b2ecf6a36f6e989c828afcdd8c7a6e4
- SHA256
  
  eda545d4dcb37098a90fce9692d5094bb56897f04eff6d40e3dedd122a4d1292
- SHA512
  
  9d886a722bbbb5d8d77e97d256057fe685f1932042257a8382e13548fe835d01c64de65e2b5ad2c2ff99692b14c924e6ddb84797f6224f1772e8699b421e6aff
- SSDEEP
  
  192:gO6dJA/ruAFEiUdWWE6hE5RYUdJfbub1axgMO:ZKAFERdlxhGRYUzqZax
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/nsBrowserOpt.dll
- Size
  
  357KB
- MD5
  
  24f6bd871e1e2970b0103409a1353743
- SHA1
  
  fe694649a60d9cfa7556bf97fb552763d72edb2f
- SHA256
  
  255f6485877b34f24b7d52847cdaa519385ddaf0d6e5e433d2331133bea55b90
- SHA512
  
  518a4274a35c1b68751801b9cccfd9cfdcc72a98fb0ea5e1411cb703c3cb7bfc8f99577e4e75aed7ca8996d19a8bedaa4fac30651c82a965b39697ee194c315a
- SSDEEP
  
  6144:lVPt3f0o84MQ9TvAalLw4Qqh+rgsg1FGUjPWeyk7MtRa3TByd4kDbpsmEGf47:lVPRso84MQdAalLwtVrgsg1FGleyk7MC
Score

1^/10
behavioral7 behavioral8
- Target
  
  $SYSDIR/cont_coolblueads-remove.exe
- Size
  
  99KB
- MD5
  
  aa3e85010280be2efac3ae7f55f36e23
- SHA1
  
  d8dc17711d337a9c81695ec31e7abcae33b00fc9
- SHA256
  
  53d374ec1bb11c708bbd646e3b2c31c0525e910580e9f589291f263837f68aec
- SHA512
  
  42d4050a6f41fbef831eb98385c6bdeadb9f0848d48226ef07eccc163c27cfd6a5ac23b3231eb81a4cdc56e313dcfbb01877fc20a1749117d3283bbf424226e0
- SSDEEP
  
  3072:Wd/vyWmJtkAscJdpDILoRxQHUxe6Gg9m+mDbAi:WX4kAsFo/qUxe6GgUhIi
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  117KB
- MD5
  
  cd6e705cc6992e869f488ab211ac37cb
- SHA1
  
  c9c71edd929c15bcf5ee286d4a9e9259d1590eb5
- SHA256
  
  44e729371099650904bcd5db0af7fdad6ffc01e336ae464f0bb151f329175292
- SHA512
  
  460173bbcff640721e54bb403e1f46d274e649a9db7d3b83d009a7f00354d434874dfdc009679e98cfb05548801b9eee78c25fe17b083fac396087ad3327debf
- SSDEEP
  
  1536:G8jeHR5cxDyiJu+Sp3o7lCNj+fgERBNxOtyg5Fu/oZSY0vXuHznnULYU455YQ+5:tZHK4Z2j+fP31gu3eHTnULB455y
Score

3^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/NSISdl.dll
- Size
  
  14KB
- MD5
  
  997ae296af5b7ca9aaa52f6844075439
- SHA1
  
  9814f0b09219ac2eed875d842b9362c3b32bec6f
- SHA256
  
  1d74275fb0ddcb7c01a92c4ea5c7ef137cdfa0b48ae2b293f0ea178b355cbaa8
- SHA512
  
  a81ee17129278a185e91f6615da2d9e47940580fcaac3806ace17a0c0e48995f8e85de6deedcec502782141acd381fb7dd1c72a93fcd40112afadc3741572349
- SSDEEP
  
  192:u4lsN55M8r67wmsvJI5a299sfoG8I+WhPB3RY+h/G3DNl/qYcVp/126gszA:uysdM80dCI5a2LsQ5IlPNRY00AlACU
Score

3^/10
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  32465a07028b927b22c38e642c2cb836
- SHA1
  
  309cac412b2ecf6a36f6e989c828afcdd8c7a6e4
- SHA256
  
  eda545d4dcb37098a90fce9692d5094bb56897f04eff6d40e3dedd122a4d1292
- SHA512
  
  9d886a722bbbb5d8d77e97d256057fe685f1932042257a8382e13548fe835d01c64de65e2b5ad2c2ff99692b14c924e6ddb84797f6224f1772e8699b421e6aff
- SSDEEP
  
  192:gO6dJA/ruAFEiUdWWE6hE5RYUdJfbub1axgMO:ZKAFERdlxhGRYUzqZax
Score

3^/10
behavioral15 behavioral16
- Target
  
  $_5_
- Size
  
  367KB
- MD5
  
  c89d0d7a8ef333885c0e1b7111b98207
- SHA1
  
  7e3359747c4e24d8837d54d07ca8cd262ac47b63
- SHA256
  
  1b2d1feaffdda22dbee1d1707bc8ec316f5bd4e60dbfca6ae5371fa853c069c3
- SHA512
  
  6f7452cab9ca215983c6c16dd865697b883cc4414f67c76ee9a077f8c30270604573b7bdfefc71547fedb745ac9cfedc7afeb6fc439d6cc5da1d32be3f29929a
- SSDEEP
  
  6144:bpmLyd6vqO97hVrQuVSWbUoU4A8IZO7mnNYLL4g5TBkjr+mDyMl2FaM:bELV9dq6Ujc7mnIsg5Tejr+mWM8N
Score

6^/10

adware stealer
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral17 behavioral18

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverystealer

behavioral2

adwarediscoverystealer

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18