a148412a5c1cc9aba0ecdbb3e44010aeac75b40f23492bd04c0127e558aa44ac | Triage

Sharing

General

Target

64799a0a4118c6ccb56c8c8bd9dae0c0_JaffaCakes118
Size

1.7MB
Sample

240722-x3djqstdpd
MD5

64799a0a4118c6ccb56c8c8bd9dae0c0
SHA1

bcd05bf2b8a1e6920f3fb936f51676b90d00fe27
SHA256

a148412a5c1cc9aba0ecdbb3e44010aeac75b40f23492bd04c0127e558aa44ac
SHA512

ae9c6e7ed1ffbd5ba864655de638c917dda149be41559d21eabc9236ab887158a89770f28e6fdb5f95b659c3415cd4722c71c23d1fa1d56d8e6d6acfd2e4a49e
SSDEEP

49152:NFHplMNmSOZZSctRqhzS+sGjP5rUBBO4xOAL:Nlp6mSOZsctizzHjxUBH

Score

7^/10

adware discovery execution stealer

Malware Config

Targets

- Target
  
  64799a0a4118c6ccb56c8c8bd9dae0c0_JaffaCakes118
- Size
  
  1.7MB
- MD5
  
  64799a0a4118c6ccb56c8c8bd9dae0c0
- SHA1
  
  bcd05bf2b8a1e6920f3fb936f51676b90d00fe27
- SHA256
  
  a148412a5c1cc9aba0ecdbb3e44010aeac75b40f23492bd04c0127e558aa44ac
- SHA512
  
  ae9c6e7ed1ffbd5ba864655de638c917dda149be41559d21eabc9236ab887158a89770f28e6fdb5f95b659c3415cd4722c71c23d1fa1d56d8e6d6acfd2e4a49e
- SSDEEP
  
  49152:NFHplMNmSOZZSctRqhzS+sGjP5rUBBO4xOAL:Nlp6mSOZsctizzHjxUBH
Score

7^/10

adware discovery stealer
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/NsisPluginOB.dll
- Size
  
  239KB
- MD5
  
  3ee7387bfe2dfabc3bd86f39795bb0da
- SHA1
  
  66071d64229506aad7c802658001725eeab70c02
- SHA256
  
  123a2a7b785e24f415a6ebf5e56c807a028d2c45ba7d82f19c4e837b28a6f9db
- SHA512
  
  725c8d940be97b3eb080061c6f413f1676764be1d3cf1e0389550a24e73e694eb51ea2c19f51f1abd654a47cb45b6c3b48cf46f6b8b9d77c7874fd87db0e6c1c
- SSDEEP
  
  6144:Q7YRZ0tknVvtI5j5FBQNC0FyR8I6JjtbD:yZ5j5Ft0FyUV9
Score

3^/10
behavioral3 behavioral4
- Target
  
  OfferBox.exe
- Size
  
  1.9MB
- MD5
  
  2e33eb8d43cf15ec73e45baa0df06191
- SHA1
  
  34b8c49e032c4dd5f4245d6f2b2386628bd9c927
- SHA256
  
  9b1a56f7c746fd7a1c4113040e5c1b7abf90d77db448508989ed85d5bf589881
- SHA512
  
  3c20b01abc639d8f1496ac728af4e58b774e026ce4f146235c5d48d05ed580326bbe040a09639a40bad216e702034e10861d657d3b406a90f10d02a85b16b038
- SSDEEP
  
  49152:Ix6lzqFI7E2Z52MiLC288T8tRcsucD7uaHYDtR+/c0cayU:oZI7EVMb288T8tuxcGaQtROJ
Score

1^/10
behavioral5 behavioral6
- Target
  
  OfferBoxBHO.dll
- Size
  
  131KB
- MD5
  
  b4b61f417df1f173a78a55e9029be6fb
- SHA1
  
  19facf2bc92cf281b21c704faeda72fdd2909fcf
- SHA256
  
  aef0ff4a4c0f589ea4839df6108b92adc024155281860703b28c70581aac6ee6
- SHA512
  
  ee9ad0a9acb8d1ba605aebdc061cbabfd5ad539169dbcef5c569be5e3b014ee7f33ad6313576a1aba4848886ee74f01d565192e06a124814ae1cae9c61b96ef6
- SSDEEP
  
  1536:brWkiTK8yE6Q7ZtbfpCRJt02GPLyRW75JrktWjC4rzHphl+lz54+U65nz677JOEN:/iTKFEdlwmPsgLT1+l++35n2f4Ftb2
Score

6^/10

adware stealer
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral7 behavioral8
- Target
  
  OfferboxChromePlugin.dll
- Size
  
  68KB
- MD5
  
  ae42cc8f93664bf54c6baa3da2a0e114
- SHA1
  
  e218a977513b8799ef5891f57baf90fda1a76ec6
- SHA256
  
  9e0dba0d22cd19d9a54e7154cf1a93d961fac4adfcc09f67a28f384988bf4e11
- SHA512
  
  eabe87eacf539f4f5795eae2cf8000b52bb12647a1b91fdc08c4a1d7aad13ca521214d9aa7cf0d3dcb1a64b382e8d01e5163a8beb263bb90c9d6a2599c0642f3
- SSDEEP
  
  1536:MEKLP8wS42H+Ge7R6fbHOk5q2qFatyCNA:MnLP8wr4HOk5qJQtbA
Score

3^/10
behavioral10 behavioral9
- Target
  
  background.html
- Size
  
  623B
- MD5
  
  20b338f9fad24d65734018bce8a8d5fa
- SHA1
  
  3d3a25bb4981d684ba49879c75e00ece76954b63
- SHA256
  
  eab1640b3cf8e8d38fbf4f3d9d91997b07282b57d4c142b198c57a80aac0ed4b
- SHA512
  
  20b17f57815deafe5497ebff46440e1fbdcd5babfe78f8b7e644dacabc9cb2965f0516cece121f5cb808d9080d1bdd3d400e3a4d273b9b13ce29dff72506c78d
Score

1^/10
behavioral11 behavioral12
- Target
  
  contentscript.js
- Size
  
  734B
- MD5
  
  ed97e5b3375230686bf640e931b769d1
- SHA1
  
  905f09afeb3171b661a19d8dec4dcc1ae18a6651
- SHA256
  
  3e2eba860b886a98d6ddb90a370c07ee6f92e63a697c637128ff308f8eccd905
- SHA512
  
  9ec174964fb9f47c232eec4efe81fa9fe887671e5acb892e14ca43713aa830237686d27c35856d5569798ab1164cc3f7c5ec83ed2b1b0aa106bc1d96ccc7fc90
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  OfferBoxEngine.dll
- Size
  
  1.0MB
- MD5
  
  648bcb283d84f257184bb390d0d3a375
- SHA1
  
  35aeac1459e955f92eeb38074b6f8384843af6a0
- SHA256
  
  ba170abbf00b8a46a64626d30c2f39f2d69f4c7aaa7a0bddb4e2a79160cb2678
- SHA512
  
  f932f7ef1c72a1d2f327a497ad7ffd974fa85e21f67aed3a537c99d674665385751217b2b9fa7ef5c13bfa89a0c9d1c92065d365931335b536974a333896316b
- SSDEEP
  
  12288:tYGPUEJXolX0VuJhq1otALXnoYsXBSYmRVCXeTld2hlovcDhXxT:tmEVshE0XBSYY/TlOlokDJxT
Score

1^/10
behavioral15 behavioral16
- Target
  
  OfferBoxLauncher.exe
- Size
  
  68KB
- MD5
  
  7d440d531f816402dc37ce1b96b1b6b1
- SHA1
  
  546cec38de6f5fa617d82fd2425ef1ea5bf48897
- SHA256
  
  2b42fc2b6c09148273326ebee5bdb127bcca81b274028b69b8ca62b4cd8f4eac
- SHA512
  
  d2a8801f8a77dadc6e90ff99b60b9a22551c088ec29069e730bf4a940fa6be4f6ec6da0c7fc93a69ad6e3bf7ec24b2e502aacd50ec8033a35581e373546dd484
- SSDEEP
  
  1536:LD4/U+jLGRbb+txkKu5v1xBQZ4O6JV7atyCN2N:4c+uy3u5vXJJV+tby
Score

1^/10
behavioral17 behavioral18
- Target
  
  [email protected]/chrome/content/events.js
- Size
  
  8KB
- MD5
  
  c440601660d29e0035adeff67d48bbef
- SHA1
  
  bc7e425503580bc691ffe7b43fbae99c73cdd544
- SHA256
  
  8aa88167feec8b355c6df962fe56e4d077d9e35fdd3751b81c49e1598f6a2532
- SHA512
  
  f38550dd62be35616ddc362f85935d8a094575f247a4be51ceccaec03c008797fb7125376113086859f0fd416a0471c4995d09753a8290904d3bfb2251cef02e
- SSDEEP
  
  96:f6yE/mt8kVZmNPuZwPGH2wMzwF4XiuZw4WuxwM1w5Cw22bKOh2AJvT4mz:SttGZGGH2Pa4XNZfWuxRJB2bKOhBth
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  [email protected]/components/OfferBoxXpCom.dll
- Size
  
  94KB
- MD5
  
  2e619bbb0c7d078b79be4ea94b8f9c31
- SHA1
  
  a72aab4defe54d679c5815e99ca5138f1487671f
- SHA256
  
  fa5fa9ee65b61c98d74810d5825ca37ff9e37d8ae50fcbccf0bab42eac0cde12
- SHA512
  
  234c7ee91f69db64e6b32913232b9ad4b75f1da64377391444ce5b12fa93b3eec7b977397f6c61acd36cb67e09876ff40105c1ed2bce610308a83dce49448cc3
- SSDEEP
  
  1536:9iC0px/QM6k3lFX5zf2R4gV2flkhSJyJmq2fBRI5mb6lpatyCNs:On4pkjQR4fI4qGBi5mOl0tbs
Score

1^/10
behavioral21 behavioral22

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverystealer

behavioral2

adwarediscoverystealer

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22