89b5eee532b9c3f86b0755268094c53744776e6dc8849df20fdb08c613bc2ba1 | Triage

Sharing

General

Target

de89b60e03ead9a168ff08e893e7d585_JaffaCakes118
Size

975KB
Sample

240913-vmeqrayarm
MD5

de89b60e03ead9a168ff08e893e7d585
SHA1

84152f56830e960d730aca7204825644a76e0c74
SHA256

89b5eee532b9c3f86b0755268094c53744776e6dc8849df20fdb08c613bc2ba1
SHA512

de324f324111589f521d01746b551ec09681d2236d2258f1a16a9ce31621f9416e9385dd0d50c9772e0b4a2fb831db6fdd6a8e999ddef70303ac25377deb8c9c
SSDEEP

24576:FOz5B6nkxVBEBoc1rYD+QXqDJagiq8+yW7xN2X:uB60BjoWnXyppPxN2X

Score

7^/10

adware discovery stealer

Malware Config

Targets

- Target
  
  de89b60e03ead9a168ff08e893e7d585_JaffaCakes118
- Size
  
  975KB
- MD5
  
  de89b60e03ead9a168ff08e893e7d585
- SHA1
  
  84152f56830e960d730aca7204825644a76e0c74
- SHA256
  
  89b5eee532b9c3f86b0755268094c53744776e6dc8849df20fdb08c613bc2ba1
- SHA512
  
  de324f324111589f521d01746b551ec09681d2236d2258f1a16a9ce31621f9416e9385dd0d50c9772e0b4a2fb831db6fdd6a8e999ddef70303ac25377deb8c9c
- SSDEEP
  
  24576:FOz5B6nkxVBEBoc1rYD+QXqDJagiq8+yW7xN2X:uB60BjoWnXyppPxN2X
Score

7^/10

discovery
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  d7b3f05ff44116b9080b5e69b2e86efd
- SHA1
  
  2535ecfa122041edb901ac667944e0f6814c4cd0
- SHA256
  
  40d66e085409445202dce1b5419449cc302d91be17614b521e3ccce473205db7
- SHA512
  
  414c6b410b35a8bb5a2c9fdd46dad63704484e1535155219b29a5bb886ded73f4b7ca3bafa726ce751e1c711a764938c9256106a90098263d6ff88bc017ec140
- SSDEEP
  
  192:X6JaVGQ+xI5EeuyvMmGpeWH2J5xprN+AxTyK72dwF7dBdcQOz:X6JaVh4I5rpPbTy+BdhO
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/Processes.dll
- Size
  
  35KB
- MD5
  
  2cfba79d485cf441c646dd40d82490fc
- SHA1
  
  83e51ac1115a50986ed456bd18729653018b9619
- SHA256
  
  86b302fa9c85dfa0c1c03ba000864a928365dab571f3355347dba02da22949b7
- SHA512
  
  cca186a7f9c5cff3f4eca410fbe8cc13dad2514a7e36aec9b1addfbcb239ace9b9b2d8427771858e3fd11783abce7e24d43c286f98da9f8b17562ca095a4c043
- SSDEEP
  
  768:uxEiycFoaj/+WSiJfmjvab7L/cUf7IIlMLRF:uxEm7sgfmjy//cgdlM/
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  4fbb4a2cd711fc1fe84f3dc30c491dc9
- SHA1
  
  888e01ae6e64e7326f88df9a30587f699eab154a
- SHA256
  
  c3b05f4faf5e8903d5b4cb4a8ce4bbf2e8144725b98d8787d51c117b6efa9bc2
- SHA512
  
  92dcf99672a5935065df6492e27abb653679f1db6dcddfde87cd14260c94a870327826b23cc2f338381b3eb53d07c1a3867806f6ff94533db5195b895a856847
- SSDEEP
  
  192:CO6dJA/ruAFEiUdWWE6hE5RYUdJfbub1argMO:XKAFERdlxhGRYUzqZar
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PROGRAMFILES/ics_toolbar/uninstall.exe
- Size
  
  67KB
- MD5
  
  cb0bae40b3482586155fa5af3e3b836f
- SHA1
  
  60ab76844b907b0b63556adca575a599305a4eb7
- SHA256
  
  fd455888e6c44902aed4d1369e7bb580d962d14849ca910506770d6c7c379925
- SHA512
  
  f435a6cfe66d276a19d5b03f0e6460dc9b190f1a8fb26ade3fe6b9525bfd1918b0461e07316f39207eee8391c77a6f7813b947bb99b39c9d2a22bef9325318b3
- SSDEEP
  
  768:d2gF2QptPs4BBNsZZ1x/mWX6Vz5FiqeWkJ/5JWmtHqOonXgmUpbbUgdfRSsxC4GS:w42cPHBg5mVXkJ/jHtKJ8bb1x+v9nof9
Score

7^/10

discovery
- Loads dropped DLL
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/InetLoad.dll
- Size
  
  17KB
- MD5
  
  e241424579fdfd683f0adff02b7483a8
- SHA1
  
  c4cde72b3e5e34730a41d43383d1234279dff1f6
- SHA256
  
  c8601ee8eda1952ac188c05ae0527b51e525ee4ff36f67218dfdd2d48c79fd6a
- SHA512
  
  a0c0f4bb55b8c0143266705292805fcb98f72dbdc4b724569cb31bd7488258ded63583e1f060c1d7bf003d3df2018b05a0720cee3064b6f6c60247e959636947
- SSDEEP
  
  384:kUQ8ARo6sMgnJlR05iBBlMYyy5150Ac9k+LMkIX1+IFkDJ2:k3o3MgnJlR05iBBSYz1/A
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  fe24766ba314f620d57d0cf7339103c0
- SHA1
  
  8641545f03f03ff07485d6ec4d7b41cbb898c269
- SHA256
  
  802ef71440f662f456bed6283a5ff78066af016897fe6bfd29cac6edc2967bbd
- SHA512
  
  60d36959895cebf29c4e7713e6d414980139c7aa4ed1c8c96fefb672c1263af0ce909fb409534355895649c0e8056635112efb0da2ba05694446aec2ca77e2e3
- SSDEEP
  
  192:rO6dJA/ruAFEiUdWWE6hE5RYUdJfbub1aMBgMO:yKAFERdlxhGRYUzqZaMB
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/locate.dll
- Size
  
  15KB
- MD5
  
  2823994b76ea8a43f8a1db4d5ac94e2b
- SHA1
  
  f4a001d2b33e430b92e84a144ef12b076f3d8de3
- SHA256
  
  228c5afac5f196845b9f2a4dbd75a8abb949ab8091eb9d24979c2e67378c9b0b
- SHA512
  
  2c233ea29f23a827cc29d615931dc5df1e12b9f9af3c7b63cae01632a4e68f5183640d63f2de203ef68353179ed424b0264931fbea87827163e60cca1e072e67
- SSDEEP
  
  384:oNDwJRxT1EtmGXjzuNpNkNrNXaHe+cl3jsYo:o5SRxSzCjEZKHe+cW
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  $_8_/ics_toolbar/$R0
- Size
  
  1.9MB
- MD5
  
  f1282f02b53154b512c835a373b6dc05
- SHA1
  
  c4280dd668705465513512824555e2e66b5afe0f
- SHA256
  
  cbf22c1090741eac1d055136a97aaa42aaef7b9644d37b8a9ab88680c0ccda7c
- SHA512
  
  1bedd448843efb496ebe79100c791fedca7a0c5a4e28b4edd723b2e5569c402eeb1581132b738809a08e9c5a63a992e4a6d54f9c7ed5e418bf743791b7cfa9a4
- SSDEEP
  
  24576:A2lzv3EifooUZeerxeThERUekCNArBnFXaI+731wu2724sNjJ9KRrmNByD:Ae/qeJOArFdaI+7Fo64sX9CrmNA
Score

6^/10

adware discovery stealer
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral17 behavioral18

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

adwarediscoverystealer

behavioral18

adwarediscoverystealer