cbe1344e6c6eded39c5c9c8790ed037b61b1d50014872114be78277d554965b2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cff9271fe93be3a5e4a7397301bc0073_JaffaCakes118
Size

39.4MB
Sample

240906-t3c2esxcna
MD5

cff9271fe93be3a5e4a7397301bc0073
SHA1

b2ea85e869ace1d44c0a200bf2a1bc9b8b4c0cf0
SHA256

cbe1344e6c6eded39c5c9c8790ed037b61b1d50014872114be78277d554965b2
SHA512

5e1678ccb63f9d15f2df3a15f5622c82bd00256a42ba650fd7653e1042505a69b43a7abde9d72c24b427a634c7a2f11b0fee3bda668b64e46d7abac2983f314d
SSDEEP

786432:5kxc4BiiqqeuC9H607Yd0FPAwt3f3DXXo1wg+37TLYVzvWVHP:5sdqqez9H7wWPRt3f3bXo1wNZ

Score

10^/10

adware discovery evasion persistence privilege_escalation stealer

Malware Config

Targets

- Target
  
  cff9271fe93be3a5e4a7397301bc0073_JaffaCakes118
- Size
  
  39.4MB
- MD5
  
  cff9271fe93be3a5e4a7397301bc0073
- SHA1
  
  b2ea85e869ace1d44c0a200bf2a1bc9b8b4c0cf0
- SHA256
  
  cbe1344e6c6eded39c5c9c8790ed037b61b1d50014872114be78277d554965b2
- SHA512
  
  5e1678ccb63f9d15f2df3a15f5622c82bd00256a42ba650fd7653e1042505a69b43a7abde9d72c24b427a634c7a2f11b0fee3bda668b64e46d7abac2983f314d
- SSDEEP
  
  786432:5kxc4BiiqqeuC9H607Yd0FPAwt3f3DXXo1wg+37TLYVzvWVHP:5sdqqez9H7wWPRt3f3bXo1wNZ
Score

10^/10

adware discovery evasion persistence privilege_escalation stealer
- Modifies firewall policy service
  evasion
- Adds Run key to start application
  persistence
- Downloads MZ/PE file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Browser Extensions

Create or Modify System Process

Windows Service

Event Triggered Execution

Component Object Model Hijacking

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Component Object Model Hijacking

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoveryevasionpersistenceprivilege_escalationstealer

behavioral2

adwarediscoveryevasionpersistenceprivilege_escalationstealer