2100dcdbfa6fa033bb725e5f352433d159854743a0816a9c2fba579bb9b54c9c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c86f241cb990115ad71bcf314f894c39_JaffaCakes118
Size

9.9MB
Sample

240829-jbkl3ssapq
MD5

c86f241cb990115ad71bcf314f894c39
SHA1

ddbf16e3d9ccb155901ad0cdcfd5f13c534b782a
SHA256

2100dcdbfa6fa033bb725e5f352433d159854743a0816a9c2fba579bb9b54c9c
SHA512

3399169f3ef306ff156c71ef46bbf90e370b315072eab44711061ab0fc817fad65e99b38e230b2b7919e0bf32bede1e33cb435feb27ab36a01788b5058ec40f7
SSDEEP

196608:SgsBkyS1kHHD9BTsR/FKqaq/Rd+G7Iu9rt5J4SHgY4sZ/ABLGR:TD1knzTsB4qH/X7LzJ4SAguY

Score

7^/10

adware discovery stealer

Malware Config

Targets

- Target
  
  c86f241cb990115ad71bcf314f894c39_JaffaCakes118
- Size
  
  9.9MB
- MD5
  
  c86f241cb990115ad71bcf314f894c39
- SHA1
  
  ddbf16e3d9ccb155901ad0cdcfd5f13c534b782a
- SHA256
  
  2100dcdbfa6fa033bb725e5f352433d159854743a0816a9c2fba579bb9b54c9c
- SHA512
  
  3399169f3ef306ff156c71ef46bbf90e370b315072eab44711061ab0fc817fad65e99b38e230b2b7919e0bf32bede1e33cb435feb27ab36a01788b5058ec40f7
- SSDEEP
  
  196608:SgsBkyS1kHHD9BTsR/FKqaq/Rd+G7Iu9rt5J4SHgY4sZ/ABLGR:TD1knzTsB4qH/X7LzJ4SAguY
Score

7^/10

adware discovery stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverystealer

behavioral2

adwarediscoverystealer