9e355ebbac6b249350549565790d69a5e08d0a1b89ca4045d83fe27726dcee68 | Triage

Sharing

General

Target

f04a2e3a113ee4dcb43f1b8f54130fce_JaffaCakes118
Size

158KB
Sample

240921-vy9p9stgme
MD5

f04a2e3a113ee4dcb43f1b8f54130fce
SHA1

df172fb259cf74b98a4507e708223a6e1b4d5f36
SHA256

9e355ebbac6b249350549565790d69a5e08d0a1b89ca4045d83fe27726dcee68
SHA512

26cbe42c86d41e09f8147c4538351f91d00137d3f0583d903f9979d322be97f976bf725c5263eca9b83348ddc070dfc6111e5e4cde8fac856ad58484ca1db562
SSDEEP

3072:RUo1ije7HSjSMOt332bbrMbvT0q8O1cZPzQ7IXMBc+AMP+QfQEhxFyVU7fDCrlNi:Cj2HSnQ34wvP6bQ7yMP+DE827fYlg

Score

7^/10

adware aspackv2 bootkit discovery persistence stealer

Malware Config

Targets

- Target
  
  f04a2e3a113ee4dcb43f1b8f54130fce_JaffaCakes118
- Size
  
  158KB
- MD5
  
  f04a2e3a113ee4dcb43f1b8f54130fce
- SHA1
  
  df172fb259cf74b98a4507e708223a6e1b4d5f36
- SHA256
  
  9e355ebbac6b249350549565790d69a5e08d0a1b89ca4045d83fe27726dcee68
- SHA512
  
  26cbe42c86d41e09f8147c4538351f91d00137d3f0583d903f9979d322be97f976bf725c5263eca9b83348ddc070dfc6111e5e4cde8fac856ad58484ca1db562
- SSDEEP
  
  3072:RUo1ije7HSjSMOt332bbrMbvT0q8O1cZPzQ7IXMBc+AMP+QfQEhxFyVU7fDCrlNi:Cj2HSnQ34wvP6bQ7yMP+DE827fYlg
Score

6^/10

adware bootkit discovery persistence stealer
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarebootkitdiscoverypersistencestealer

behavioral2

adwarediscoverystealer