af1bbb21e8744b9572c291304b98064e9842572d92bb67d4e4e3c9ffdf07781e | Triage

Sharing

General

Target

38c7b3a1e607aed753b35b78a105b029_JaffaCakes118
Size

417KB
Sample

240711-mq3b8asgqn
MD5

38c7b3a1e607aed753b35b78a105b029
SHA1

c3a2d3d83fb4e29c03e6cc5c34a53ae34cc792d1
SHA256

af1bbb21e8744b9572c291304b98064e9842572d92bb67d4e4e3c9ffdf07781e
SHA512

78df751971b3b28c7180ee80024c727adbfd50a500043a95dc1723d7e4866f19722207af9d9bd663c2a4d3424dcb0799082fb3284c1e813ee0fd1e4ec86ce8d4
SSDEEP

12288:Dr1WiLwWEaCmqp43s39OHCkM4ch8eLZDPK6w:9WOt2mL3s3gbMoi1w

Score

8^/10

adware bootkit persistence stealer

Malware Config

Targets

- Target
  
  38c7b3a1e607aed753b35b78a105b029_JaffaCakes118
- Size
  
  417KB
- MD5
  
  38c7b3a1e607aed753b35b78a105b029
- SHA1
  
  c3a2d3d83fb4e29c03e6cc5c34a53ae34cc792d1
- SHA256
  
  af1bbb21e8744b9572c291304b98064e9842572d92bb67d4e4e3c9ffdf07781e
- SHA512
  
  78df751971b3b28c7180ee80024c727adbfd50a500043a95dc1723d7e4866f19722207af9d9bd663c2a4d3424dcb0799082fb3284c1e813ee0fd1e4ec86ce8d4
- SSDEEP
  
  12288:Dr1WiLwWEaCmqp43s39OHCkM4ch8eLZDPK6w:9WOt2mL3s3gbMoi1w
Score

8^/10

adware bootkit persistence stealer
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarebootkitpersistencestealer

behavioral2

adwarebootkitpersistencestealer