f83177f58f95776bb644a41fb46f5fb6be1eb75102396c74f0195e82e2ca93d6 | Triage

Sharing

General

Target

2aa87ab5ce413830ff83425b4f6d14e1_JaffaCakes118
Size

505KB
Sample

240708-cv1zvazgla
MD5

2aa87ab5ce413830ff83425b4f6d14e1
SHA1

df013cd708885824b7ab72583c783684ccea93db
SHA256

f83177f58f95776bb644a41fb46f5fb6be1eb75102396c74f0195e82e2ca93d6
SHA512

bd5af7f527945ab0d96a39355b85deec0eb85f29ae39dc32cacf2cf7288e3cb6fe8566828a5163c7511cebf94eb29db1bbb3f085647f5741a4a0933b467fb646
SSDEEP

12288:LQIbwgQ/hahneoN8LwIQMQa1nkGf4RDzDVWiewOdDP0:t7QahnMLHZQa1nkGfZBD

Score

10^/10

adware aspackv2 evasion stealer

Malware Config

Targets

- Target
  
  2aa87ab5ce413830ff83425b4f6d14e1_JaffaCakes118
- Size
  
  505KB
- MD5
  
  2aa87ab5ce413830ff83425b4f6d14e1
- SHA1
  
  df013cd708885824b7ab72583c783684ccea93db
- SHA256
  
  f83177f58f95776bb644a41fb46f5fb6be1eb75102396c74f0195e82e2ca93d6
- SHA512
  
  bd5af7f527945ab0d96a39355b85deec0eb85f29ae39dc32cacf2cf7288e3cb6fe8566828a5163c7511cebf94eb29db1bbb3f085647f5741a4a0933b467fb646
- SSDEEP
  
  12288:LQIbwgQ/hahneoN8LwIQMQa1nkGf4RDzDVWiewOdDP0:t7QahnMLHZQa1nkGfZBD
Score

10^/10

adware evasion stealer
- Modifies firewall policy service
  evasion
- Deletes itself
- Loads dropped DLL
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwareevasionstealer

behavioral2

adwareevasionstealer