ff8c84302b9e49c8e06e3b1a2bb3c18dc084a350fd047f3da3c4ba7ba1d3c6e8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

04c05bd408ec42992f2677de4ef810b8_JaffaCakes118
Size

551KB
Sample

241001-hk5g6swdjq
MD5

04c05bd408ec42992f2677de4ef810b8
SHA1

ebc1e01e8b494a456148b2a2e27a918715a08141
SHA256

ff8c84302b9e49c8e06e3b1a2bb3c18dc084a350fd047f3da3c4ba7ba1d3c6e8
SHA512

c1306d984673b9ddd953ee6717676e5ed041aa34194281e87d46597abd2af9523aa8be9224173646d775ab6c794f72491806dbe19026992b8f3b0311f1920735
SSDEEP

12288:h1OgLdaOngbJuMmFcouJqkXWctn+MEfOL:h1OYdaOngJHJJqkXtMOL

Score

7^/10

adware discovery stealer

Malware Config

Targets

- Target
  
  04c05bd408ec42992f2677de4ef810b8_JaffaCakes118
- Size
  
  551KB
- MD5
  
  04c05bd408ec42992f2677de4ef810b8
- SHA1
  
  ebc1e01e8b494a456148b2a2e27a918715a08141
- SHA256
  
  ff8c84302b9e49c8e06e3b1a2bb3c18dc084a350fd047f3da3c4ba7ba1d3c6e8
- SHA512
  
  c1306d984673b9ddd953ee6717676e5ed041aa34194281e87d46597abd2af9523aa8be9224173646d775ab6c794f72491806dbe19026992b8f3b0311f1920735
- SSDEEP
  
  12288:h1OgLdaOngbJuMmFcouJqkXWctn+MEfOL:h1OYdaOngJHJJqkXtMOL
Score

7^/10

adware discovery stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops Chrome extension
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverystealer

behavioral2

adwarediscoverystealer