7fc6667437072cad620b7a531ff8cc39ff8c231832f075a4b8db3137dc629cba | Triage

Sharing

General

Target

fe1c426cb92802fc1e6cd9dfd5ae182d_JaffaCakes118
Size

2.9MB
Sample

240929-j2b3mavhqr
MD5

fe1c426cb92802fc1e6cd9dfd5ae182d
SHA1

25b0fbb76cb28a9645bd5b370d7d91bf367313b1
SHA256

7fc6667437072cad620b7a531ff8cc39ff8c231832f075a4b8db3137dc629cba
SHA512

2f4aef9b7e12a5fb4aba1fdcec44074cbc08b2a3e2c736fcdd4b77e32ea0096de3bab139306a55510e4d90ab6013589b1dd2ad56fd2b2ce18c0241ad6d02dcd2
SSDEEP

49152:ZYRGywzExp6f6H2BfdyX9iEkT4kxJn/TWZV1U6rz6rGPmB4hGrwdzfF8pPKRW/Bm:q+zSp6f6HAfdC8Ek8kxJ/aZrUyzW4maH

Score

7^/10

adware discovery execution stealer

Malware Config

Targets

- Target
  
  fe1c426cb92802fc1e6cd9dfd5ae182d_JaffaCakes118
- Size
  
  2.9MB
- MD5
  
  fe1c426cb92802fc1e6cd9dfd5ae182d
- SHA1
  
  25b0fbb76cb28a9645bd5b370d7d91bf367313b1
- SHA256
  
  7fc6667437072cad620b7a531ff8cc39ff8c231832f075a4b8db3137dc629cba
- SHA512
  
  2f4aef9b7e12a5fb4aba1fdcec44074cbc08b2a3e2c736fcdd4b77e32ea0096de3bab139306a55510e4d90ab6013589b1dd2ad56fd2b2ce18c0241ad6d02dcd2
- SSDEEP
  
  49152:ZYRGywzExp6f6H2BfdyX9iEkT4kxJn/TWZV1U6rz6rGPmB4hGrwdzfF8pPKRW/Bm:q+zSp6f6HAfdC8Ek8kxJ/aZrUyzW4maH
Score

7^/10

discovery adware stealer
- Executes dropped EXE
- Loads dropped DLL
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $SYSDIR/Eminem_Screensaver.scr
- Size
  
  2.2MB
- MD5
  
  ea6e41e5ffef5e569461419b75c3010b
- SHA1
  
  1a3035985c6be3e9927f8c696554d60ccec748aa
- SHA256
  
  98b3af807800861fa54157e5d22fc01e6df9e7c50f925da9facf0df2807c7938
- SHA512
  
  fbfc95da35dea3fdaefeaa6de70afa02cb744760591dee86555960c56ec4af986de3a59e6caf1e1634d64d5146347ccac3f16c28bdf86d79471068d41b501138
- SSDEEP
  
  49152:2WHAwK3/kIlJwIKgESSHUuy0zZG3COmTCpTktYYc/zq1U8ljOre1j:5AwKvkEJwIKg60m83VXZktYYc7q1OW
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $TEMP/dospop.exe
- Size
  
  806KB
- MD5
  
  067a003a0740da60aaa074f45d5266c5
- SHA1
  
  a5016ff1703d63c215da0f331003759f70f33659
- SHA256
  
  edb695897f58c9e5533136fa7836216e2463fcaafd1d82dd5e50fa0fd4be471e
- SHA512
  
  ae692fc8f5a71d4c189e91bf2d0dc0eea7e7636ebfa911dc76f6cbe69f6f7fb5ed2a497e92de39ad77aab166155a01a4b7ff6f493a63f1639b952431a16d007d
- SSDEEP
  
  24576:JlzyMuPssLniF/pnFmXb7R5tdpEpFbI+PXj:D2FziFjmX/R3/C+i
Score

7^/10

adware discovery stealer
- Loads dropped DLL
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral5 behavioral6
- Target
  
  tbu03852/dospop.dll
- Size
  
  2.1MB
- MD5
  
  0f1846b9162b08ba83b187f8b812882a
- SHA1
  
  3bb577471354017b5c8f6ff1f5159801000110e8
- SHA256
  
  0c647f88a0f7f7d6ea9796bd7b0401b6359edeb21060c26b911dcfdfc874b37f
- SHA512
  
  ebacf6356894c8159d6ce0a3a4aac973b09ad6e80751f0edfda004e1df5cc2221f9967d1eff0cb59a3acfbede05e92ddd20b1dc095b2db65ca5c3eb278b9e5c0
- SSDEEP
  
  24576:Wp59EhTXStxDbjCAeCQlCZe/Eh9G9la4QoaTVDv9:AkMCNlq0aRoaTd
Score

6^/10

adware discovery stealer
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral7 behavioral8
- Target
  
  tbu03852/options.html
- Size
  
  6KB
- MD5
  
  adc6e16ce6e97bd1eb19d3a8dad7274f
- SHA1
  
  12b55eab3225b2250ba051803f7d791db59a46a1
- SHA256
  
  29e525a91d8ac4ec6bb2fa299a404d9f151b45400c7cab09675a23469373435b
- SHA512
  
  2c4bc233ae8741fe0a6995845aa88d707b347cfc78745fefac346ce27ddd5b799dd374bbba15516f6e61348f52720be3639cf0cd925a599250a9947a33ab7103
- SSDEEP
  
  96:BKQ/O9mOdYCQiLFyzNYs90Yi67mX9gPui39bnLNza7/OBgx4wTn:BFj1cFUYJYnV6Bm8
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  tbu03852/static_img.html
- Size
  
  503B
- MD5
  
  2caff3519f5be538757c467d4fec4756
- SHA1
  
  7e77344f049d9ee4d216b6f412c01ba28596773c
- SHA256
  
  e94503ad0ea2a4f7002ba70f57e12da9daabb5037b6bedc7725d1fc43a487415
- SHA512
  
  029814dd117053d03acc6c0cb1af2802256149c6a3588cd41334deeffad6095dc16386887e2053f288b13a5ebd3599cbf9c55c194fde81f3df77045d2609a467
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  tbu03852/static_pub.html
- Size
  
  599B
- MD5
  
  0bf3de7de6f6a9ece7674fb245c7e428
- SHA1
  
  a71d601820676d5741734e825c7347d59570bc98
- SHA256
  
  29101ddb9fc880b921c78a8aa0952310ccf0fe4eb03479425500fc2e779d4b2b
- SHA512
  
  30dc0cf67d772a79dec244882f24c4a6ad71a3139b1b92d6e059f1e677ef138596e71c7bf12c2283b591ad64744b9abd15895fa29c4a600f64c784423bc270b2
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  tbu03852/tbhelper.dll
- Size
  
  316KB
- MD5
  
  8285d06c80bb289d22d7c67c4df2d51c
- SHA1
  
  0aa83342fd5d23de18fb5da4c4405ddc5b13d75f
- SHA256
  
  d5df73f377bb5113a5e1c4f7872db6ec4753568a1dadf8d5d09798ac9038ad29
- SHA512
  
  8de26c47bbcf0ea1dcab869ac21eb6d13751a913903a179fbd3ad8f30f0429b15c60af53c68b2661a7adb34a310ba7d91281da34f0ddfe595c409e11c0f34775
- SSDEEP
  
  6144:Kvpv2m1KWKTRgvPrUdT4+ND9et9Q9Pmcl:Kp2mwWKqvPn2AtBM
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  tbu03852/tbs_include_script_008091.js
- Size
  
  2KB
- MD5
  
  b734be75b8963660abfa7412095c7a82
- SHA1
  
  6091ffb358b2596d53f4e74e09da01326258dce8
- SHA256
  
  078d1eadf0733de055e1ca4ff03bdab7203a66823e9cb4d5a8539d84276759a5
- SHA512
  
  1bd848ab95724bf8b7c6dc2e91a066a85c0d6239c16c3e548cfaa7a6e57c62e432b820b7503e998bc205d9153ec28c7e590610b8f4481e28b2ef6df35f14cf68
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  tbu03852/uninstall.exe
- Size
  
  48KB
- MD5
  
  652d9d1fc071f90c3e0adb8d79d7ade2
- SHA1
  
  b63b34d5b3f2d5b75b0b5ff3290752ae1cf3a68a
- SHA256
  
  7c30673fde7090d6f74623d9bf99e1b2f9661ec94d21d3c2ffb80e1c56d60891
- SHA512
  
  410d3c2ce92e5db4c12c46d399e88dac97be784f2b50946e40ba1689a524542e6220864d35d625c3cbb104e20ee351362dbb100423224d319fa62add5c3fa1ae
- SSDEEP
  
  768:HQgC+b3qHaACorVKlW7kn5NyUQZrf+kEuBbtmtw:pba6AC0K+kn5NnQgCltww
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  tbu03852/update.exe
- Size
  
  76KB
- MD5
  
  c050609bcf90684099902c043661e739
- SHA1
  
  e471468f128e3f8899d53f54f0fd64561a297210
- SHA256
  
  3751b8982c25d16aee9bc7dd5e22c83f323c8c68780012773612778f20279af8
- SHA512
  
  2e199a074fbef486518949bd57da18b7b221eb1d9d391c30d7ee73817e2d514438d25ed46f2ab68f79f0645013df5fd35100eebc805bea3830aa7b1cfb8d9846
- SSDEEP
  
  768:kcBMGw/DoPE/HxUNtN8eWbSQxH+Ns1HBBlKstEZxrxchYy0tkwAhY/zGUiwfGI9f:kcB9VARUeb7xGtNcK9kwAhijhfGTthiF
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  Uninstall.exe
- Size
  
  49KB
- MD5
  
  c6d317928b22189d530265651ca567a6
- SHA1
  
  18998323966353aa148d49dd733c4c79ff222e17
- SHA256
  
  ad57c2c999d318db908260079bd10e5cd9684fd5fb9b207d9bfe6bc5c93e377f
- SHA512
  
  25e393cca057491435e4b088be8d6b1031ab85aa3a310dad8af0a21b671f065cc850c9c74dbbac84a7fa39e82e5009e707cd521856036d969097eb46b8c94a0d
- SSDEEP
  
  1536:DRf1o2Ca7qiagSshdS0D6mJjgdLeAyNLXi:Dpj7EUbD6mJjceA4i
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral23 behavioral24

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

adwarediscoverystealer

behavioral3

behavioral4

behavioral5

adwarediscoverystealer

behavioral6

adwarediscoverystealer

behavioral7

adwarediscoverystealer

behavioral8

adwarediscoverystealer

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24