31e08e60e0f8a4268f8ceceb91992e1eaac66c905962f26fa6987a5d9c643cb3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0d13890049bfb3a8845e9da92790f228_JaffaCakes118
Size

2.3MB
Sample

241003-an1pdsybqc
MD5

0d13890049bfb3a8845e9da92790f228
SHA1

84160998d30cd43eb7754f670b3606ed90dd03ee
SHA256

31e08e60e0f8a4268f8ceceb91992e1eaac66c905962f26fa6987a5d9c643cb3
SHA512

68f631b6fb2e81174ec5a8575bb11932eb0325f18d5d217be662ffc707b5fe36ab84da9a35ef9ade034fb376f6b5553ffbc836e2016134a8939c8fd1a24efaa9
SSDEEP

49152:Ru26FYYHawTokhyUT7aVa3+gws2GsMI9K2upHJcQrtnGQRoEebA5rOYiZnN:w2+HNj6V4T7IMRp9JGgoEebSivZnN

Score

7^/10

adware discovery persistence privilege_escalation stealer

Malware Config

Targets

- Target
  
  0d13890049bfb3a8845e9da92790f228_JaffaCakes118
- Size
  
  2.3MB
- MD5
  
  0d13890049bfb3a8845e9da92790f228
- SHA1
  
  84160998d30cd43eb7754f670b3606ed90dd03ee
- SHA256
  
  31e08e60e0f8a4268f8ceceb91992e1eaac66c905962f26fa6987a5d9c643cb3
- SHA512
  
  68f631b6fb2e81174ec5a8575bb11932eb0325f18d5d217be662ffc707b5fe36ab84da9a35ef9ade034fb376f6b5553ffbc836e2016134a8939c8fd1a24efaa9
- SSDEEP
  
  49152:Ru26FYYHawTokhyUT7aVa3+gws2GsMI9K2upHJcQrtnGQRoEebA5rOYiZnN:w2+HNj6V4T7IMRp9JGgoEebSivZnN
Score

7^/10

adware discovery persistence privilege_escalation stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Browser Extensions

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverypersistenceprivilege_escalationstealer

behavioral2

adwarediscoverypersistenceprivilege_escalationstealer