194f005dbabdf52ed273e918293a89b81ce7167702b6ac703c8739473872ec7a | Triage

Sharing

General

Target

468e30bfe0fbe5024c798c4c40f981ac_JaffaCakes118
Size

70KB
Sample

240714-tmlcvsxern
MD5

468e30bfe0fbe5024c798c4c40f981ac
SHA1

4fd5cf1155b5f594a12e82c63171c7166245a00c
SHA256

194f005dbabdf52ed273e918293a89b81ce7167702b6ac703c8739473872ec7a
SHA512

d496d1b200495a60088174b6defda0422a0455b1a76e161b73c8e0e7c17640906a42fb631761ced5076a6e204843cfae9659aeacce90bed1bfce7ac953b77295
SSDEEP

1536:EF2nKxvQWWriFtvlcSGRJ5PtM6wvLNfYV33vPzLaLePtYLVNG3vAGDO1Tn5wEKi2:EFqKVgGU8DNAVv3GLCVD+ZKijozoOzc2

Score

10^/10

adware evasion stealer

Malware Config

Targets

- Target
  
  468e30bfe0fbe5024c798c4c40f981ac_JaffaCakes118
- Size
  
  70KB
- MD5
  
  468e30bfe0fbe5024c798c4c40f981ac
- SHA1
  
  4fd5cf1155b5f594a12e82c63171c7166245a00c
- SHA256
  
  194f005dbabdf52ed273e918293a89b81ce7167702b6ac703c8739473872ec7a
- SHA512
  
  d496d1b200495a60088174b6defda0422a0455b1a76e161b73c8e0e7c17640906a42fb631761ced5076a6e204843cfae9659aeacce90bed1bfce7ac953b77295
- SSDEEP
  
  1536:EF2nKxvQWWriFtvlcSGRJ5PtM6wvLNfYV33vPzLaLePtYLVNG3vAGDO1Tn5wEKi2:EFqKVgGU8DNAVv3GLCVD+ZKijozoOzc2
Score

10^/10

adware evasion stealer
- Modifies firewall policy service
  evasion
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwareevasionstealer

behavioral2

adwareevasionstealer