413e1290ac4c05e72922247fe1320021a0b2205bfe5c078d71f810cd52728e2d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

423b82f9d31c45b9e4f21a4fd3d44a3a_JaffaCakes118
Size

30KB
Sample

240713-sprf8awcrm
MD5

423b82f9d31c45b9e4f21a4fd3d44a3a
SHA1

19df8a3cddc1749efaabc676c3a7fd166f09ce08
SHA256

413e1290ac4c05e72922247fe1320021a0b2205bfe5c078d71f810cd52728e2d
SHA512

7670fd62b6ac30dad5cf4f66f68c178cf814dae03cd55a7cda38dc9ed84b1f6db0fe2b5ae27fbbef5564cc0a082c594037661eef206637efcd13eed22efa4e3f
SSDEEP

384:lPeksTGGfqTuEhGXDRWthzA9Jr2bpdRKDF9fb/WsYUZP:lziouEhwDRWKJr2bpSnfbOsYUh

Score

8^/10

adware persistence stealer

Malware Config

Targets

- Target
  
  423b82f9d31c45b9e4f21a4fd3d44a3a_JaffaCakes118
- Size
  
  30KB
- MD5
  
  423b82f9d31c45b9e4f21a4fd3d44a3a
- SHA1
  
  19df8a3cddc1749efaabc676c3a7fd166f09ce08
- SHA256
  
  413e1290ac4c05e72922247fe1320021a0b2205bfe5c078d71f810cd52728e2d
- SHA512
  
  7670fd62b6ac30dad5cf4f66f68c178cf814dae03cd55a7cda38dc9ed84b1f6db0fe2b5ae27fbbef5564cc0a082c594037661eef206637efcd13eed22efa4e3f
- SSDEEP
  
  384:lPeksTGGfqTuEhGXDRWthzA9Jr2bpdRKDF9fb/WsYUZP:lziouEhwDRWKJr2bpSnfbOsYUh
Score

8^/10

adware persistence stealer
- Adds policy Run key to start application
  persistence
- Loads dropped DLL
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarepersistencestealer

behavioral2

adwarepersistencestealer