45a69b9ab8e6c04acd56bcec9a01f79d426381131461b29541aedf7c5a4afcbf | Triage

Sharing

General

Target

04841c8e02494d995571c5effb6c305a_JaffaCakes118
Size

551KB
Sample

241001-f4rz3ssfpr
MD5

04841c8e02494d995571c5effb6c305a
SHA1

59bf295d9f6271efee2237c6b6f89137a8ddb51a
SHA256

45a69b9ab8e6c04acd56bcec9a01f79d426381131461b29541aedf7c5a4afcbf
SHA512

e9c2014c988eca3d875f135007765942678343e91eec80f082ab0aeab6f8843c6b4a3eb7bdc8f411c60668a39a7ee18df0612011efbf49f959d120909ae5fb5e
SSDEEP

12288:h1OgLdaO6Wctn+MEfOUgbJuMmFcouJqkF:h1OYdaO6tMOUgJHJJqkF

Score

7^/10

adware discovery stealer

Malware Config

Targets

- Target
  
  04841c8e02494d995571c5effb6c305a_JaffaCakes118
- Size
  
  551KB
- MD5
  
  04841c8e02494d995571c5effb6c305a
- SHA1
  
  59bf295d9f6271efee2237c6b6f89137a8ddb51a
- SHA256
  
  45a69b9ab8e6c04acd56bcec9a01f79d426381131461b29541aedf7c5a4afcbf
- SHA512
  
  e9c2014c988eca3d875f135007765942678343e91eec80f082ab0aeab6f8843c6b4a3eb7bdc8f411c60668a39a7ee18df0612011efbf49f959d120909ae5fb5e
- SSDEEP
  
  12288:h1OgLdaO6Wctn+MEfOUgbJuMmFcouJqkF:h1OYdaO6tMOUgJHJJqkF
Score

7^/10

adware discovery stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops Chrome extension
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverystealer

behavioral2

adwarediscoverystealer