49b14336a8119ea9d58a65814aa7f12d6ae66b8fdd10ebeab34fbe65a33c7904 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

08909ab51f59fc3fd0f0840f0d126fac_JaffaCakes118
Size

549KB
Sample

241002-dj6xdstfpm
MD5

08909ab51f59fc3fd0f0840f0d126fac
SHA1

ce8035727acc921065c28316df1052514e9d837b
SHA256

49b14336a8119ea9d58a65814aa7f12d6ae66b8fdd10ebeab34fbe65a33c7904
SHA512

5e65c378f87b6dc15e63d84b28744298c22747fc272039ddd48989b946497974da1a5f531db154bcf5dd0a1d5871d25293fc4d4d2a38ddbe783e9db1fd38abce
SSDEEP

12288:h1OgLdaOJWctn+MEfOUgbJuMmFcouJqkb:h1OYdaOJtMOUgJHJJqkb

Score

7^/10

adware discovery stealer

Malware Config

Targets

- Target
  
  08909ab51f59fc3fd0f0840f0d126fac_JaffaCakes118
- Size
  
  549KB
- MD5
  
  08909ab51f59fc3fd0f0840f0d126fac
- SHA1
  
  ce8035727acc921065c28316df1052514e9d837b
- SHA256
  
  49b14336a8119ea9d58a65814aa7f12d6ae66b8fdd10ebeab34fbe65a33c7904
- SHA512
  
  5e65c378f87b6dc15e63d84b28744298c22747fc272039ddd48989b946497974da1a5f531db154bcf5dd0a1d5871d25293fc4d4d2a38ddbe783e9db1fd38abce
- SSDEEP
  
  12288:h1OgLdaOJWctn+MEfOUgbJuMmFcouJqkb:h1OYdaOJtMOUgJHJJqkb
Score

7^/10

adware discovery stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops Chrome extension
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverystealer

behavioral2

adwarediscoverystealer