518b71f4e947e693e39cc58fd2a2a96ada18256ba67af49b3566fb83bb14f786 | Triage

Sharing

General

Target

b6a9989075a7cb8d99a5ee870ba1c089_JaffaCakes118
Size

244KB
Sample

240822-g8e2rasgre
MD5

b6a9989075a7cb8d99a5ee870ba1c089
SHA1

9219835bee2289f1ac0e579fb1690e3f742ef6ce
SHA256

518b71f4e947e693e39cc58fd2a2a96ada18256ba67af49b3566fb83bb14f786
SHA512

e4f1112eb1fa5754d3de31a77abfda03d7b68cfd4d62e67dc053fb7d5db0ef5876458765941248358fb76de5a160a250fcdd8234990bf660ad5af8222a7e1cae
SSDEEP

3072:OwJIzwpI9keljmB/kuNz8+vaybk2pkwAOMzPjptdeNErudFb:OLUpIielKBg+vDwYGFTeNEw

Score

8^/10

adware defense_evasion discovery persistence stealer

Malware Config

Targets

- Target
  
  b6a9989075a7cb8d99a5ee870ba1c089_JaffaCakes118
- Size
  
  244KB
- MD5
  
  b6a9989075a7cb8d99a5ee870ba1c089
- SHA1
  
  9219835bee2289f1ac0e579fb1690e3f742ef6ce
- SHA256
  
  518b71f4e947e693e39cc58fd2a2a96ada18256ba67af49b3566fb83bb14f786
- SHA512
  
  e4f1112eb1fa5754d3de31a77abfda03d7b68cfd4d62e67dc053fb7d5db0ef5876458765941248358fb76de5a160a250fcdd8234990bf660ad5af8222a7e1cae
- SSDEEP
  
  3072:OwJIzwpI9keljmB/kuNz8+vaybk2pkwAOMzPjptdeNErudFb:OLUpIielKBg+vDwYGFTeNEw
Score

8^/10

adware defense_evasion discovery persistence stealer
- Server Software Component: Terminal Services DLL
  persistence
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot
  defense_evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Browser Extensions

Server Software Component

Terminal Services DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Safe Mode Boot

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwaredefense_evasiondiscoverypersistencestealer

behavioral2

adwaredefense_evasiondiscoverypersistencestealer