17d1f87dc231189cca63742440adaa94b9be19cec07d3589f15df7383eb2b4f4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

42be28036823b5ba4f9b63f7d28b27ae_JaffaCakes118
Size

70KB
Sample

240713-wjp8ratbrc
MD5

42be28036823b5ba4f9b63f7d28b27ae
SHA1

342d63db4526bd132f9f1b9bb4ac0ab8718673d5
SHA256

17d1f87dc231189cca63742440adaa94b9be19cec07d3589f15df7383eb2b4f4
SHA512

9a3653d2a0f85419d695026356c3341c331d9279bb1dba97bbe5baca43817098070115d715c7242098c9c5c3c3965d2e0ce37871973fc26b2bf0f663d810caae
SSDEEP

1536:SD7T6pcEmvNYZOYISWNYLPSau1grAY9UMFccyD7je8aXMDO/iBo/VbcJ:SG3mLYBWNgPSauMXCqccyD7j22u5cJ

Score

10^/10

adware evasion stealer

Malware Config

Targets

- Target
  
  42be28036823b5ba4f9b63f7d28b27ae_JaffaCakes118
- Size
  
  70KB
- MD5
  
  42be28036823b5ba4f9b63f7d28b27ae
- SHA1
  
  342d63db4526bd132f9f1b9bb4ac0ab8718673d5
- SHA256
  
  17d1f87dc231189cca63742440adaa94b9be19cec07d3589f15df7383eb2b4f4
- SHA512
  
  9a3653d2a0f85419d695026356c3341c331d9279bb1dba97bbe5baca43817098070115d715c7242098c9c5c3c3965d2e0ce37871973fc26b2bf0f663d810caae
- SSDEEP
  
  1536:SD7T6pcEmvNYZOYISWNYLPSau1grAY9UMFccyD7je8aXMDO/iBo/VbcJ:SG3mLYBWNgPSauMXCqccyD7j22u5cJ
Score

10^/10

adware evasion stealer
- Modifies firewall policy service
  evasion
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwareevasionstealer

behavioral2

adwareevasionstealer