488c94694cd1117a023d0ffa3f5783b2e9ee411cf490869a1ac19be8c6d3271f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

01a4e24a170e93a2277287235b863c4e_JaffaCakes118
Size

552KB
Sample

240930-q2153ssemd
MD5

01a4e24a170e93a2277287235b863c4e
SHA1

81a9046ef796d8f67767b41e2672e014866c3940
SHA256

488c94694cd1117a023d0ffa3f5783b2e9ee411cf490869a1ac19be8c6d3271f
SHA512

95243af51ab500643859169f5c8e450b4742bab61b12bd9ddf901d02013953ea93f4810ef484edcb90f077caea8781742b2b6a5dc473c6de6179b970bf3ec700
SSDEEP

12288:h1OgLdaOmWctn+MEfOUgbJuMmFcouJqkq:h1OYdaOmtMOUgJHJJqkq

Score

7^/10

adware discovery stealer

Malware Config

Targets

- Target
  
  01a4e24a170e93a2277287235b863c4e_JaffaCakes118
- Size
  
  552KB
- MD5
  
  01a4e24a170e93a2277287235b863c4e
- SHA1
  
  81a9046ef796d8f67767b41e2672e014866c3940
- SHA256
  
  488c94694cd1117a023d0ffa3f5783b2e9ee411cf490869a1ac19be8c6d3271f
- SHA512
  
  95243af51ab500643859169f5c8e450b4742bab61b12bd9ddf901d02013953ea93f4810ef484edcb90f077caea8781742b2b6a5dc473c6de6179b970bf3ec700
- SSDEEP
  
  12288:h1OgLdaOmWctn+MEfOUgbJuMmFcouJqkq:h1OYdaOmtMOUgJHJJqkq
Score

7^/10

adware discovery stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops Chrome extension
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverystealer

behavioral2

adwarediscoverystealer