577a902f8b8c7d0c261c963f646831ff32b22c7443905e780207370943006836 | Triage

Sharing

General

Target

d6660e6e89baf4cd6d941e175f922ded_JaffaCakes118
Size

9.0MB
Sample

240909-qme93asdnf
MD5

d6660e6e89baf4cd6d941e175f922ded
SHA1

8f6bdf15116430f0e8e21ca45f53b754123cffaa
SHA256

577a902f8b8c7d0c261c963f646831ff32b22c7443905e780207370943006836
SHA512

e2de27614b55e0022a0b6093129e82b9d9878f43a373c14afa7111fb7cd663e4c8ed7a3a76ef8204d40b8493d525cd40b28235fb1c4d13367308926f7d807335
SSDEEP

49152:Izrh20HcSyFeOJpl6IKxrrQwgTz4HhsH+oYTRayy2LFxK5e6JZp2c+xoj2Sj3:0rh2RTSfQwNHhluyra2U3

Score

7^/10

adware discovery stealer

Malware Config

Targets

- Target
  
  d6660e6e89baf4cd6d941e175f922ded_JaffaCakes118
- Size
  
  9.0MB
- MD5
  
  d6660e6e89baf4cd6d941e175f922ded
- SHA1
  
  8f6bdf15116430f0e8e21ca45f53b754123cffaa
- SHA256
  
  577a902f8b8c7d0c261c963f646831ff32b22c7443905e780207370943006836
- SHA512
  
  e2de27614b55e0022a0b6093129e82b9d9878f43a373c14afa7111fb7cd663e4c8ed7a3a76ef8204d40b8493d525cd40b28235fb1c4d13367308926f7d807335
- SSDEEP
  
  49152:Izrh20HcSyFeOJpl6IKxrrQwgTz4HhsH+oYTRayy2LFxK5e6JZp2c+xoj2Sj3:0rh2RTSfQwNHhluyra2U3
Score

7^/10

adware discovery stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverystealer

behavioral2

adwarediscoverystealer