461c9ace32d604582015c9c14866c638d2e89299af36660e585e2b602fd06325 | Triage

Submit
Reports

Overview

overview

7

Static

static

3

d0163535c4...18.exe

windows7-x64

7

d0163535c4...18.exe

windows10-2004-x64

7

Sharing

General

Target

d0163535c4eec81bf2b47e8d24d356fe_JaffaCakes118
Size

288KB
Sample

240906-v5qkzayhkp
MD5

d0163535c4eec81bf2b47e8d24d356fe
SHA1

1acb750d52de652014812b33f5f9321837004695
SHA256

461c9ace32d604582015c9c14866c638d2e89299af36660e585e2b602fd06325
SHA512

e1d25e8c5965867ee101a73e9eb5939252a05337d1ae4236e824f47c66a0075e37371ea7db49576fb194991131de0553d7a05092d1d0cadbabb87eca089b4927
SSDEEP

3072:2Ii+jV2n7WyZuCkJ0DSGgrt05bnwhVh6PTPlfMX2Ul3SFVu1HUL3/qU4V:2CjVktZucmZ0xCVh65fXUIVu1H2+V

Score

7^/10

adware discovery evasion stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d0163535c4eec81bf2b47e8d24d356fe_JaffaCakes118.exe

Resource

win7-20240903-en

adware discovery evasion stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

d0163535c4eec81bf2b47e8d24d356fe_JaffaCakes118.exe

Resource

win10v2004-20240802-en

adware discovery evasion stealer trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  d0163535c4eec81bf2b47e8d24d356fe_JaffaCakes118
- Size
  
  288KB
- MD5
  
  d0163535c4eec81bf2b47e8d24d356fe
- SHA1
  
  1acb750d52de652014812b33f5f9321837004695
- SHA256
  
  461c9ace32d604582015c9c14866c638d2e89299af36660e585e2b602fd06325
- SHA512
  
  e1d25e8c5965867ee101a73e9eb5939252a05337d1ae4236e824f47c66a0075e37371ea7db49576fb194991131de0553d7a05092d1d0cadbabb87eca089b4927
- SSDEEP
  
  3072:2Ii+jV2n7WyZuCkJ0DSGgrt05bnwhVh6PTPlfMX2Ul3SFVu1HUL3/qU4V:2CjVktZucmZ0xCVh65fXUIVu1H2+V
Score

7^/10

adware discovery evasion stealer trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- Drops desktop.ini file(s)
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoveryevasionstealertrojan

behavioral2

adwarediscoveryevasionstealertrojan

© 2018-2024

Terms | Privacy