04e8be80c1fd148ea5dcf454d447b7d33cd7828381ffb9ed0d7bd97ae73d8160 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8a658d49284856af54ef1f02a2af1a2c_JaffaCakes118
Size

1.0MB
Sample

240811-pw76rszdjm
MD5

8a658d49284856af54ef1f02a2af1a2c
SHA1

3cad1360759d4485d34e55fdc7560350f8524acf
SHA256

04e8be80c1fd148ea5dcf454d447b7d33cd7828381ffb9ed0d7bd97ae73d8160
SHA512

dadaec9a051226d1a0d65c0ce4eb7cec4f6ec0c0abeb721056382265f5ed3daddeaacea1e7f5a9e46307a97c72c56c583f2c42e8d15aac07e10fd71e7a8f196f
SSDEEP

12288:4jTpxThOSynbdJQ9Gl4ndMJ8JR/EEoCwx0bBzSfqzpSwyovU59nP3V7p1:4hhh4zD+dbRJoCwabRMZNVPv1

Score

10^/10

adware discovery stealer

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://www.grooveshark.com/

Targets

- Target
  
  8a658d49284856af54ef1f02a2af1a2c_JaffaCakes118
- Size
  
  1.0MB
- MD5
  
  8a658d49284856af54ef1f02a2af1a2c
- SHA1
  
  3cad1360759d4485d34e55fdc7560350f8524acf
- SHA256
  
  04e8be80c1fd148ea5dcf454d447b7d33cd7828381ffb9ed0d7bd97ae73d8160
- SHA512
  
  dadaec9a051226d1a0d65c0ce4eb7cec4f6ec0c0abeb721056382265f5ed3daddeaacea1e7f5a9e46307a97c72c56c583f2c42e8d15aac07e10fd71e7a8f196f
- SSDEEP
  
  12288:4jTpxThOSynbdJQ9Gl4ndMJ8JR/EEoCwx0bBzSfqzpSwyovU59nP3V7p1:4hhh4zD+dbRJoCwabRMZNVPv1
Score

10^/10

adware discovery stealer
- Executes dropped EXE
- Loads dropped DLL
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverystealer

behavioral2

adwarediscoverystealer