935231acde473f769a003ccafec31823aa333122623ff0965bb473e0d18ed5d4 | Triage

Sharing

General

Target

4ac3ea15422a6ea6584c0191d99184af_JaffaCakes118
Size

4.5MB
Sample

240715-wf94ravdpb
MD5

4ac3ea15422a6ea6584c0191d99184af
SHA1

1e3b12658d87367e3a188570e3a2ad57f89a877e
SHA256

935231acde473f769a003ccafec31823aa333122623ff0965bb473e0d18ed5d4
SHA512

4abd163d1d738aa0cb927ad38e065fd253d38359575c9b3215b701095ad5a3979c896faccbe0627114897c6d04565beda7bb8a92f20ee3dd931fc4398e32b64f
SSDEEP

98304:mN9etDELpTkdoOH09nar988UrMdWs/2725sI:m6ds59Q8ZrMcsgvI

Score

7^/10

adware persistence stealer upx

Malware Config

Targets

- Target
  
  4ac3ea15422a6ea6584c0191d99184af_JaffaCakes118
- Size
  
  4.5MB
- MD5
  
  4ac3ea15422a6ea6584c0191d99184af
- SHA1
  
  1e3b12658d87367e3a188570e3a2ad57f89a877e
- SHA256
  
  935231acde473f769a003ccafec31823aa333122623ff0965bb473e0d18ed5d4
- SHA512
  
  4abd163d1d738aa0cb927ad38e065fd253d38359575c9b3215b701095ad5a3979c896faccbe0627114897c6d04565beda7bb8a92f20ee3dd931fc4398e32b64f
- SSDEEP
  
  98304:mN9etDELpTkdoOH09nar988UrMdWs/2725sI:m6ds59Q8ZrMcsgvI
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  eef9e469e8a30717974499f277d97e2a
- SHA1
  
  2d33c25984ebd9116beeb55cdde4c5c86c023e5d
- SHA256
  
  1f35bb6728237483c779005fc227e69fef51b0bafd32d15855d483948a337078
- SHA512
  
  d860132106a1c03dfa23f983b3c503f1216ac02f3d47833b96dfb333fb30bc8ab4d4fecd1f1f0a89f0c7f3586405461e2d53c26f282bb48970e549659b364b48
- SSDEEP
  
  192:8np6d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+MTjK72dwF7dBEnbok:8p6UdHXcIiY535zBtMTj+BEnbo
Score

3^/10
behavioral3 behavioral4
- Target
  
  SNM.chm
- Size
  
  318KB
- MD5
  
  b3b69d77d201801e1ba8103b117fb342
- SHA1
  
  879c695087cfdf17f9fe02e05c71b3426ff6b5c6
- SHA256
  
  df9337fc8bf09bc80e8c9ecdcb84e9b5fbb11eed2670e1733514ac5588b63934
- SHA512
  
  d198cd946d5b94c21372b3706b6bd9171412ddbc16c513df213e370008db5f28d62a2c357592af9e21bdc331e1bcf59a855292cdd664ce12f90d809bf7d9cbb6
- SSDEEP
  
  6144:u8E3LlE64/HKuXytnPsHkn2v7Tu468779FuaBaxz+:+lOKQy1P8b3f1XKaYQ
Score

1^/10
behavioral5 behavioral6
- Target
  
  SNM.exe
- Size
  
  1.0MB
- MD5
  
  412fa43a90c8821272f54dd6000f8ed0
- SHA1
  
  e9c743cbd28bedb779488edc3c59b1394bc5dc60
- SHA256
  
  4bf982a01d1ec13159e656efabe0b9656a1b29fbc755a33d5fc38d43d3bdc406
- SHA512
  
  96e4a9d85e43a92f74fd1e8cdf83f880085454d6fe774e8265e26d1bf1c41d863c7bf5dc713a19ee47808748d472e5e76c8646df989ece63641b5580e30cff9f
- SSDEEP
  
  24576:wuQME6lVKOBeY57ZcbtwaC+HM/B7XJOz57kNirN:wuQMEUxgC+s/B7Xid7N
Score

6^/10

adware persistence stealer
- Adds Run key to start application
  persistence
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral7 behavioral8
- Target
  
  snmIeGuard.dll
- Size
  
  200KB
- MD5
  
  87e1ab9707fd811cf1e8ca6b153641b7
- SHA1
  
  720bc8969fd88ff49f09777dca4c45136821e849
- SHA256
  
  562d912eec4c6d77c93ec1dead43ec981964a030c1a659f2041ec0f74f160e36
- SHA512
  
  1f89c97731413dd09e870fe5ee66deaf4b289e4bf3a4e26545b2a46ffd8d0a47284c0df6edf4bbf9e1f84ccbb619bd107f0ae99f17d71eaae33def0f475f9a91
- SSDEEP
  
  6144:5j7P/6NdgNgTQ9cA4r7OtIdpWf15tQ+E+jU4z+/w:9P/E2NgTQ9H2pm13Ql+jEw
Score

7^/10

adware stealer upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

adwarepersistencestealer

behavioral8

adwarepersistencestealer

behavioral9

behavioral10

adwarestealerupx