fee7667ef95398ab50092518c73c82b1f5a72b6a4bc3a350fffa6d9e752cfe6c | Triage

Sharing

General

Target

083919338a4dec4456187c7aef10a932_JaffaCakes118
Size

717KB
Sample

241002-bpwmhateme
MD5

083919338a4dec4456187c7aef10a932
SHA1

e4e3633a1885836348e66b0d33540e2120f9a604
SHA256

fee7667ef95398ab50092518c73c82b1f5a72b6a4bc3a350fffa6d9e752cfe6c
SHA512

c87fd77f45d7bf1583fbfcbc6ae0f0585cd850bdc26fd11a21fcbd48f3914dd9bbb5fb7792a2a19eac6396acf336f1ad734c033d807f2bf5bf0761244a5449bb
SSDEEP

12288:UKnekrL58wdX5Ig7aaBSzkMbGVBBgvtqpUsU3WRtQ+UUf0qYnz5YNJiQ:9Lic5IzacWb5pTU30Nt2nzmNYQ

Score

7^/10

adware discovery spyware stealer

Malware Config

Targets

- Target
  
  083919338a4dec4456187c7aef10a932_JaffaCakes118
- Size
  
  717KB
- MD5
  
  083919338a4dec4456187c7aef10a932
- SHA1
  
  e4e3633a1885836348e66b0d33540e2120f9a604
- SHA256
  
  fee7667ef95398ab50092518c73c82b1f5a72b6a4bc3a350fffa6d9e752cfe6c
- SHA512
  
  c87fd77f45d7bf1583fbfcbc6ae0f0585cd850bdc26fd11a21fcbd48f3914dd9bbb5fb7792a2a19eac6396acf336f1ad734c033d807f2bf5bf0761244a5449bb
- SSDEEP
  
  12288:UKnekrL58wdX5Ig7aaBSzkMbGVBBgvtqpUsU3WRtQ+UUf0qYnz5YNJiQ:9Lic5IzacWb5pTU30Nt2nzmNYQ
Score

7^/10

adware discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoveryspywarestealer

behavioral2

adwarediscoveryspywarestealer