48b49c1291744691c21c8a65595c220fea3a9aa1d45b17cad01eabc2be7aad97 | Triage

Sharing

General

Target

083533795b8f09b0a11f69612f2b0873_JaffaCakes118
Size

551KB
Sample

241002-bl7klazcpj
MD5

083533795b8f09b0a11f69612f2b0873
SHA1

9a07861158782be1b909017bc16e0e10106c019f
SHA256

48b49c1291744691c21c8a65595c220fea3a9aa1d45b17cad01eabc2be7aad97
SHA512

fa8877b52e2e2ff8737ba3b63ca75c0edaef27ee9399fbde741148a0e2b3ae9a8de704a17bd960202fe8ef9e62dfc7637ff446c34e7cfcc0aa6d8d9aa6670667
SSDEEP

12288:h1OgLdaOBgbJuMmFcouJqkXWctn+MEfOV:h1OYdaOBgJHJJqkXtMOV

Score

7^/10

adware discovery stealer

Malware Config

Targets

- Target
  
  083533795b8f09b0a11f69612f2b0873_JaffaCakes118
- Size
  
  551KB
- MD5
  
  083533795b8f09b0a11f69612f2b0873
- SHA1
  
  9a07861158782be1b909017bc16e0e10106c019f
- SHA256
  
  48b49c1291744691c21c8a65595c220fea3a9aa1d45b17cad01eabc2be7aad97
- SHA512
  
  fa8877b52e2e2ff8737ba3b63ca75c0edaef27ee9399fbde741148a0e2b3ae9a8de704a17bd960202fe8ef9e62dfc7637ff446c34e7cfcc0aa6d8d9aa6670667
- SSDEEP
  
  12288:h1OgLdaOBgbJuMmFcouJqkXWctn+MEfOV:h1OYdaOBgJHJJqkXtMOV
Score

7^/10

adware discovery stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops Chrome extension
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverystealer

behavioral2

adwarediscoverystealer