edc6e5d94a0db1e256be267292b4f7b97ff4cdb638e34b78520d66a2e2c51725 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a9f6e78e77a235a05c20244aa25d2479_JaffaCakes118
Size

204KB
Sample

240819-hce8baygqf
MD5

a9f6e78e77a235a05c20244aa25d2479
SHA1

83cc54f729a3d1d411f10ffe9c6e81cb93878745
SHA256

edc6e5d94a0db1e256be267292b4f7b97ff4cdb638e34b78520d66a2e2c51725
SHA512

f0b0a8e1a8992136d3fa6a009f0429ff78f460f2b11edd8f8c0d4667891d6f92e67bad5f0f275aed1ca2fc8a5dc4b9909e3421f78cf008aedf599680ff34b360
SSDEEP

3072:dVFKR3q9DeyMfSyA7YlA80kWFdHkOBv+/4H+XFjXt2w6oO5hhBcy:5K//PZB0kWDEMv+/QQFx2wVOvhS

Score

7^/10

adware discovery stealer

Malware Config

Targets

- Target
  
  a9f6e78e77a235a05c20244aa25d2479_JaffaCakes118
- Size
  
  204KB
- MD5
  
  a9f6e78e77a235a05c20244aa25d2479
- SHA1
  
  83cc54f729a3d1d411f10ffe9c6e81cb93878745
- SHA256
  
  edc6e5d94a0db1e256be267292b4f7b97ff4cdb638e34b78520d66a2e2c51725
- SHA512
  
  f0b0a8e1a8992136d3fa6a009f0429ff78f460f2b11edd8f8c0d4667891d6f92e67bad5f0f275aed1ca2fc8a5dc4b9909e3421f78cf008aedf599680ff34b360
- SSDEEP
  
  3072:dVFKR3q9DeyMfSyA7YlA80kWFdHkOBv+/4H+XFjXt2w6oO5hhBcy:5K//PZB0kWDEMv+/QQFx2wVOvhS
Score

7^/10

adware discovery stealer
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverystealer

behavioral2

adwarediscoverystealer