d40e935474967650d698d8ba96ac8983fe8fee987c6c800b34cb895127e9490b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fe583e6e907f892f2c01e3a7468ce669_JaffaCakes118
Size

129KB
Sample

240929-mmscvazhkj
MD5

fe583e6e907f892f2c01e3a7468ce669
SHA1

c411f70ba915338fc1ca231dfb851254b0354a22
SHA256

d40e935474967650d698d8ba96ac8983fe8fee987c6c800b34cb895127e9490b
SHA512

99427f5d43fc0b5a24bbda1eaf9cc8d06c5bf8df85160b1e75377ae57b867be40fa837988666edc571a1492a7d902bdafd6579ae182f6c11a0ed82c200351cc9
SSDEEP

3072:w5IyhTYR4Zy7qc7wCwOuoFnO+fb7/Tb79T1eg+:OIyhTYR4Zy7qc7wbolhz7xS

Score

7^/10

adware discovery stealer

Malware Config

Targets

- Target
  
  fe583e6e907f892f2c01e3a7468ce669_JaffaCakes118
- Size
  
  129KB
- MD5
  
  fe583e6e907f892f2c01e3a7468ce669
- SHA1
  
  c411f70ba915338fc1ca231dfb851254b0354a22
- SHA256
  
  d40e935474967650d698d8ba96ac8983fe8fee987c6c800b34cb895127e9490b
- SHA512
  
  99427f5d43fc0b5a24bbda1eaf9cc8d06c5bf8df85160b1e75377ae57b867be40fa837988666edc571a1492a7d902bdafd6579ae182f6c11a0ed82c200351cc9
- SSDEEP
  
  3072:w5IyhTYR4Zy7qc7wCwOuoFnO+fb7/Tb79T1eg+:OIyhTYR4Zy7qc7wbolhz7xS
Score

7^/10

adware discovery stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverystealer

behavioral2

adwarediscoverystealer