07421ca1b048a86f1402c190aff5e7015425f1cfc2a2ca404749127f0c293f61 | Triage

Sharing

General

Target

fde30ca5f93ac458a82b670819500e6c_JaffaCakes118
Size

26KB
Sample

240929-f7bgha1frn
MD5

fde30ca5f93ac458a82b670819500e6c
SHA1

8b966e1060ac3f1918c080f73c08e241c1b11953
SHA256

07421ca1b048a86f1402c190aff5e7015425f1cfc2a2ca404749127f0c293f61
SHA512

7bddca9ee2d0833e7d52523721c6d073e498fc860f4927b6ca75ee36941d09a8fce2e61738dd8cc4d0a76bba11142c0d01876495803785884ce15443135c7610
SSDEEP

384:qjVqdMWM6vChYJ12j6O4nqH5EJdmKyUojRQ+RT9ItROj:qjVqdMWM6KhYn+6bqgsUojRQmT9Sm

Score

8^/10

adware discovery persistence stealer

Malware Config

Targets

- Target
  
  fde30ca5f93ac458a82b670819500e6c_JaffaCakes118
- Size
  
  26KB
- MD5
  
  fde30ca5f93ac458a82b670819500e6c
- SHA1
  
  8b966e1060ac3f1918c080f73c08e241c1b11953
- SHA256
  
  07421ca1b048a86f1402c190aff5e7015425f1cfc2a2ca404749127f0c293f61
- SHA512
  
  7bddca9ee2d0833e7d52523721c6d073e498fc860f4927b6ca75ee36941d09a8fce2e61738dd8cc4d0a76bba11142c0d01876495803785884ce15443135c7610
- SSDEEP
  
  384:qjVqdMWM6vChYJ12j6O4nqH5EJdmKyUojRQ+RT9ItROj:qjVqdMWM6KhYn+6bqgsUojRQmT9Sm
Score

8^/10

adware discovery persistence stealer
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverypersistencestealer

behavioral2

adwarediscoverypersistencestealer