1e24be50b447c99792bc77054da30018cc7b38d93fb63c9432fae43c6d65d9c0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

01af3eb235b095bdd5980323be7359da_JaffaCakes118
Size

166KB
Sample

240930-q9a9mashma
MD5

01af3eb235b095bdd5980323be7359da
SHA1

247a9e0d9674d07c3da41faf383f1d30e569c01d
SHA256

1e24be50b447c99792bc77054da30018cc7b38d93fb63c9432fae43c6d65d9c0
SHA512

b06a3bfe1ea0f72ebd0107e96960492f78afba2751e3cfef645dfdb801768f8159d7c696fe1061615fabd2fffa46bb68f279856f54476f0e1078ea4e92c83cc3
SSDEEP

3072:BB+/3kbkJpU4BB/I+H1VWpvZUoNF+dm4NzLXZIjAXczw9:BrfoH1VWvUc+dvNBcz2

Score

7^/10

adware bootkit discovery persistence stealer

Malware Config

Targets

- Target
  
  01af3eb235b095bdd5980323be7359da_JaffaCakes118
- Size
  
  166KB
- MD5
  
  01af3eb235b095bdd5980323be7359da
- SHA1
  
  247a9e0d9674d07c3da41faf383f1d30e569c01d
- SHA256
  
  1e24be50b447c99792bc77054da30018cc7b38d93fb63c9432fae43c6d65d9c0
- SHA512
  
  b06a3bfe1ea0f72ebd0107e96960492f78afba2751e3cfef645dfdb801768f8159d7c696fe1061615fabd2fffa46bb68f279856f54476f0e1078ea4e92c83cc3
- SSDEEP
  
  3072:BB+/3kbkJpU4BB/I+H1VWpvZUoNF+dm4NzLXZIjAXczw9:BrfoH1VWvUc+dvNBcz2
Score

7^/10

adware bootkit discovery persistence stealer
- Loads dropped DLL
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarebootkitdiscoverypersistencestealer

behavioral2

adwarebootkitdiscoverypersistencestealer