17edc0eff331e4950ccf422e0bdeb02745ce5590d24d884c9609231b3d2258ba | Triage

Sharing

General

Target

0ce4ba9669a200f6a991adaf717972e7_JaffaCakes118
Size

552KB
Sample

241002-3fr2hawfng
MD5

0ce4ba9669a200f6a991adaf717972e7
SHA1

0b6245be0f3116e4c9f58b40590259cdf4ae0c29
SHA256

17edc0eff331e4950ccf422e0bdeb02745ce5590d24d884c9609231b3d2258ba
SHA512

cc5a8f8a00ceb7fbc8f3f91f6dcffc8fd00971bee92e47422110fc781c4c11744fb000612f8e6c4d24705ee6ac5fb0e52fe2a26a1e87077d814cd8df6d482e69
SSDEEP

12288:h1OgLdaOoWctn+MEfOUgbJuMmFcouJqkM:h1OYdaOotMOUgJHJJqkM

Score

7^/10

adware discovery stealer

Malware Config

Targets

- Target
  
  0ce4ba9669a200f6a991adaf717972e7_JaffaCakes118
- Size
  
  552KB
- MD5
  
  0ce4ba9669a200f6a991adaf717972e7
- SHA1
  
  0b6245be0f3116e4c9f58b40590259cdf4ae0c29
- SHA256
  
  17edc0eff331e4950ccf422e0bdeb02745ce5590d24d884c9609231b3d2258ba
- SHA512
  
  cc5a8f8a00ceb7fbc8f3f91f6dcffc8fd00971bee92e47422110fc781c4c11744fb000612f8e6c4d24705ee6ac5fb0e52fe2a26a1e87077d814cd8df6d482e69
- SSDEEP
  
  12288:h1OgLdaOoWctn+MEfOUgbJuMmFcouJqkM:h1OYdaOotMOUgJHJJqkM
Score

7^/10

adware discovery stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops Chrome extension
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverystealer

behavioral2

adwarediscoverystealer