11b1b6c25ddd8eb4d811064343ea686dadd87d5908eca6080151403797d433a1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f9e7fb9533c65bb27b08070778b61c51_JaffaCakes118
Size

2.0MB
Sample

240927-hcb6nazcjp
MD5

f9e7fb9533c65bb27b08070778b61c51
SHA1

62ce14d60eb065cf00eefb47268c1c9eec2c25a7
SHA256

11b1b6c25ddd8eb4d811064343ea686dadd87d5908eca6080151403797d433a1
SHA512

f095cad1ad1a5b0cc424033dbaeed5f6df1490dc2f1ef60e92b5b323eb6c9a029e212b0889851e3311e4e6ec51d21692f280e0ca353f128a26547fcd9d794799
SSDEEP

49152:mZYaw9wenh9vKo73FDIIp0/fdU7e3JM3XoyJ5beoSfOzcE1K:Ww9wap3FUu+a7e3JM3XJFJSWzcE1K

Score

7^/10

adware discovery persistence privilege_escalation spyware stealer

Malware Config

Targets

- Target
  
  f9e7fb9533c65bb27b08070778b61c51_JaffaCakes118
- Size
  
  2.0MB
- MD5
  
  f9e7fb9533c65bb27b08070778b61c51
- SHA1
  
  62ce14d60eb065cf00eefb47268c1c9eec2c25a7
- SHA256
  
  11b1b6c25ddd8eb4d811064343ea686dadd87d5908eca6080151403797d433a1
- SHA512
  
  f095cad1ad1a5b0cc424033dbaeed5f6df1490dc2f1ef60e92b5b323eb6c9a029e212b0889851e3311e4e6ec51d21692f280e0ca353f128a26547fcd9d794799
- SSDEEP
  
  49152:mZYaw9wenh9vKo73FDIIp0/fdU7e3JM3XoyJ5beoSfOzcE1K:Ww9wap3FUu+a7e3JM3XJFJSWzcE1K
Score

7^/10

adware discovery persistence privilege_escalation spyware stealer
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverypersistenceprivilege_escalationspywarestealer

behavioral2

adwarediscoverypersistenceprivilege_escalationspywarestealer