6ce1acc6df703a96f545dbe9ce158aaed7b469004a4241260ef6445e97ecc06c | Triage

Sharing

General

Target

0b9b9a4e23249b0afae3ad6885d82a1d_JaffaCakes118
Size

552KB
Sample

241002-t5xtlszeqb
MD5

0b9b9a4e23249b0afae3ad6885d82a1d
SHA1

fd3c4576c5831747b50c2e1b39f403d7b5d3127d
SHA256

6ce1acc6df703a96f545dbe9ce158aaed7b469004a4241260ef6445e97ecc06c
SHA512

83d98ddc2289722c61eace51788baf285491f6078cc80ae508603ce2d582f3c0fc184688b6385ea2773fc4fad1119cca5d5467d51d931b69faedf3ce4e35ba4b
SSDEEP

12288:h1OgLdaOSWctn+MEfOUgbJuMmFcouJqk5:h1OYdaOStMOUgJHJJqk5

Score

7^/10

adware discovery stealer

Malware Config

Targets

- Target
  
  0b9b9a4e23249b0afae3ad6885d82a1d_JaffaCakes118
- Size
  
  552KB
- MD5
  
  0b9b9a4e23249b0afae3ad6885d82a1d
- SHA1
  
  fd3c4576c5831747b50c2e1b39f403d7b5d3127d
- SHA256
  
  6ce1acc6df703a96f545dbe9ce158aaed7b469004a4241260ef6445e97ecc06c
- SHA512
  
  83d98ddc2289722c61eace51788baf285491f6078cc80ae508603ce2d582f3c0fc184688b6385ea2773fc4fad1119cca5d5467d51d931b69faedf3ce4e35ba4b
- SSDEEP
  
  12288:h1OgLdaOSWctn+MEfOUgbJuMmFcouJqk5:h1OYdaOStMOUgJHJJqk5
Score

7^/10

adware discovery stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops Chrome extension
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverystealer

behavioral2

adwarediscoverystealer