d55da147d54f001f69174db881fdc3ddb83a7173f87b8f960b8ca0a81dcabc51 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

70ee3ae684fffd7e17e4f36519da8586_JaffaCakes118
Size

393KB
Sample

240725-x9g6hatbrb
MD5

70ee3ae684fffd7e17e4f36519da8586
SHA1

463e9e19ab96fc96e07f529ce387dfab1f31b2d1
SHA256

d55da147d54f001f69174db881fdc3ddb83a7173f87b8f960b8ca0a81dcabc51
SHA512

1365ab4c22bb762a9200f544c319c9bf6aa1f700515aea4dc4c47f25c773367528626f3a5504027490b097182de555037e6fe8f056ae761bec0e645ea7f5c430
SSDEEP

12288:jykIYw25B7PaBYiStKSDSk7dKj8n4OwT63:bIE3CgKS1b4DTS

Score

7^/10

adware discovery stealer

Malware Config

Targets

- Target
  
  70ee3ae684fffd7e17e4f36519da8586_JaffaCakes118
- Size
  
  393KB
- MD5
  
  70ee3ae684fffd7e17e4f36519da8586
- SHA1
  
  463e9e19ab96fc96e07f529ce387dfab1f31b2d1
- SHA256
  
  d55da147d54f001f69174db881fdc3ddb83a7173f87b8f960b8ca0a81dcabc51
- SHA512
  
  1365ab4c22bb762a9200f544c319c9bf6aa1f700515aea4dc4c47f25c773367528626f3a5504027490b097182de555037e6fe8f056ae761bec0e645ea7f5c430
- SSDEEP
  
  12288:jykIYw25B7PaBYiStKSDSk7dKj8n4OwT63:bIE3CgKS1b4DTS
Score

7^/10

adware discovery stealer
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $SYSDIR/$R0/$_2_
- Size
  
  283KB
- MD5
  
  cf06362a765285cb6485b83b19c3fd1d
- SHA1
  
  b8b5894c792bd21ed8976cc8f9356f1c69af300d
- SHA256
  
  705a6aec719ae751189baf583711c8d40ec6c0f14d685f2f223fe6675afcd344
- SHA512
  
  8dec18cd53c967e63ec28f26efb1a6f3964ad3ed757d3a60c05ac8a8ddf21e44d867c67b9a52b46fc2d3dd23b04ae284fad4c0fea934e54eb7583e8b2ac0040b
- SSDEEP
  
  3072:2nZuxl0nmlMme8kXgv6S2mSaonI02jMNahqHQ9JLx9SlkAdJzOtNSgnyJgVCaikO:ql/uFon2LcHQ9dxyGDA9N1Yx2Bja
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $SYSDIR/$SYSDIR/$_2_
- Size
  
  384KB
- MD5
  
  9d3bac3ea78e7c59a0f46d9d28a32fbf
- SHA1
  
  876e4eaae9a6089501e0f9376f6f5c5736a45d82
- SHA256
  
  9dcd339f85e966a4e5ffb8c111e3755b4cd675016da8b8de0215df08950ffbb7
- SHA512
  
  49285eee49af338c296d4f1455a371638400a4870ceb4ec5c502cbe224b6f7b0e246cea2e62b23ffb97cbbb855f2e54b109aa6d93d3dd2da31bbd37f172aac84
- SSDEEP
  
  6144:NhKh3DUBJBkt9UszGXHdEGH5RNOzofJkK4mj7lfoxh4:NQiBLk3UszKyGtOzofmK4m1foxh4
Score

6^/10

adware discovery stealer
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral7 behavioral8
- Target
  
  $SYSDIR/$SYSDIR/u_$_2_.exe
- Size
  
  56KB
- MD5
  
  5b14aa4f51f67af10cf159d6f583b5e0
- SHA1
  
  3f3b9ff3b830cbd89b6a9cede4d9ce04db3780f0
- SHA256
  
  d3036827d6e80c6efc873103ecc19553606e6a05114c7307cd7c7f525777adcb
- SHA512
  
  d3d3b5e48a04d7adbdf8a5b6ad2f899ef28871a07171901f8439e2da9286f37404cfc2edc090fa9c7a39be5b24852f77568b21d23c156b784b9ed2f1c5bc672c
- SSDEEP
  
  768:CHJd0TpH2+bQ2dUWVX9Hfv1JMWmtLEJOyuBxG0D3mjfS3XJxck6DZc/MwCaZ0fRE:CpgpHzb9dZVX9fHMvG0D3XJxck8aYf2z
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10

discovery
behavioral11 behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverystealer

behavioral2

adwarediscoverystealer

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

adwarediscoverystealer

behavioral8

adwarediscoverystealer

behavioral9

behavioral10

behavioral11

behavioral12