b6cb7fe82d040b90408d42c2fb66477d8573061eb5a67c9f88fe1b4a3ad57961 | Triage

Sharing

General

Target

eab6593290c12adea3350600cffbb0f4_JaffaCakes118
Size

7.8MB
Sample

240919-gnpepathnq
MD5

eab6593290c12adea3350600cffbb0f4
SHA1

8a1ddb55b63a67653cd95cfce4313be2c416ad98
SHA256

b6cb7fe82d040b90408d42c2fb66477d8573061eb5a67c9f88fe1b4a3ad57961
SHA512

34462eac71699dc0dbef0ea01b97e6c93ab7ac6a04234214848624006f5b042373c021e73fe911073cc3a486d6a52dde837015f923e7658c0a7a89903ab463ca
SSDEEP

196608:wx/ijiu45W5QCjC50saEQbY8Nr6dvb9juFjer978OQ4wqjrriZTz:ctCj+bcYJ72y9ozniriZTz

Score

7^/10

adware discovery stealer

Malware Config

Targets

- Target
  
  eab6593290c12adea3350600cffbb0f4_JaffaCakes118
- Size
  
  7.8MB
- MD5
  
  eab6593290c12adea3350600cffbb0f4
- SHA1
  
  8a1ddb55b63a67653cd95cfce4313be2c416ad98
- SHA256
  
  b6cb7fe82d040b90408d42c2fb66477d8573061eb5a67c9f88fe1b4a3ad57961
- SHA512
  
  34462eac71699dc0dbef0ea01b97e6c93ab7ac6a04234214848624006f5b042373c021e73fe911073cc3a486d6a52dde837015f923e7658c0a7a89903ab463ca
- SSDEEP
  
  196608:wx/ijiu45W5QCjC50saEQbY8Nr6dvb9juFjer978OQ4wqjrriZTz:ctCj+bcYJ72y9ozniriZTz
Score

7^/10

discovery
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/ProcDll.dll
- Size
  
  54KB
- MD5
  
  4bbffba241d51d447a527891c49cd1f3
- SHA1
  
  df6e9617bbf060c9373e173144a9943375874a2f
- SHA256
  
  7883866a9143135bcec5c173293265778ac68a331bfae7efbd9d92f21fb254cd
- SHA512
  
  ff366b7db3970c31352dc05ce3d8b53818555b768b3d2e52ba33cc7338ba47c4aa8ae48391fe6ac8072b150aa7947e0133b558b86b9cc2a3ec286472b98f01f0
- SSDEEP
  
  768:pwgZqT9MKHJsa0zguI5Y90Q/WKSUT5HCMdcJfzqX2POV2vG8WT0wBJvBclpS:pwgIBMKKaOr6hUT5HSrqmPOCn2J+l4
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  0ae9c427fe7bbbbf1368c1c6d3933ae7
- SHA1
  
  c8e5131613302531c88512dada29a18886259268
- SHA256
  
  49437f4b9fd38007f3b2735f0a8a12830b995305c75118b440202980183d5c6a
- SHA512
  
  59b76b00f2b0d6242dc5bc3cb36d3ff78867445f502e34cea890c6f493c2adf9b97cec539963204ddd1c641e1a77139f46fc33dec4dc636f4b06d2edffffec6d
- SSDEEP
  
  96:vCCshwlpqUsYghN/9uvZ7CLWNCSiiVTQYBGVXRvuBDlSriklbuba1iLc+cEyzo7e:BzqUuh/uLCXIkYBGV9uVlSblbubbwtl
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $_6_/$_7_
- Size
  
  145KB
- MD5
  
  41e40b7029f4777d4d4a0e28a79a0f80
- SHA1
  
  1d5521aea911a3a70e369c2a794241c64ee9a3ef
- SHA256
  
  539244b3438caba21e9f1f0c7af69d434a2ee8cede5b96c470639d586c332d9e
- SHA512
  
  9d5f3a92b3394859a90f0ac4037c1851759a467c1c86cebffffc765c7779aef5b10a09c3ba93944b5fcd417361970c020f31c3531c12af2d041469cc5fceec63
- SSDEEP
  
  1536:lA1Muf72s47kaUOR7J7wTwDkkv2zxuaM2SfI+1IFtru4b8z3x1ZS3pA:lA6uj2/klItGIaM2If1IFtrlgzhGu
Score

6^/10

adware discovery stealer
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral7 behavioral8
- Target
  
  BHO/FlashGetBHO.dll
- Size
  
  145KB
- MD5
  
  41e40b7029f4777d4d4a0e28a79a0f80
- SHA1
  
  1d5521aea911a3a70e369c2a794241c64ee9a3ef
- SHA256
  
  539244b3438caba21e9f1f0c7af69d434a2ee8cede5b96c470639d586c332d9e
- SHA512
  
  9d5f3a92b3394859a90f0ac4037c1851759a467c1c86cebffffc765c7779aef5b10a09c3ba93944b5fcd417361970c020f31c3531c12af2d041469cc5fceec63
- SSDEEP
  
  1536:lA1Muf72s47kaUOR7J7wTwDkkv2zxuaM2SfI+1IFtru4b8z3x1ZS3pA:lA6uj2/klItGIaM2If1IFtrlgzhGu
Score

6^/10

adware discovery stealer
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral10 behavioral9
- Target
  
  BHO/FlashGetHook.dll
- Size
  
  405KB
- MD5
  
  0486d733eaa8ec05db448135ca10adc2
- SHA1
  
  5838046d50168a87e7750e316a9c31947e6c7c32
- SHA256
  
  a9a05495d6369d6f2de8dd0a7afbfcf9c1f28c759092907c5a21ba797c2d8bdf
- SHA512
  
  472de3920b36cfefa65435dd9b82cf47f8edb13005d09f94c222ada585d60af55d786f7c5357f52bd2deb09db35ba3f584fe36aa536a52e9d2194ea2e06647db
- SSDEEP
  
  12288:Irrg0iQKp4sQRePNNNNNNXNNN/NT5XNNNfNNIJB9:IepvvE
Score

3^/10

discovery
behavioral11 behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

adwarediscoverystealer

behavioral8

adwarediscoverystealer

behavioral9

adwarediscoverystealer

behavioral10

adwarediscoverystealer

behavioral11

behavioral12