a8c0000cccea652864c0bd5eae58f0a37453f91633f15ce5e5cd343d123b6f11 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

13729f408b2f6b90266f9d49a260a645_JaffaCakes118
Size

551KB
Sample

241004-p68v2svflk
MD5

13729f408b2f6b90266f9d49a260a645
SHA1

b608bd81ce8369dd7f3f1532ae48c769a48c2329
SHA256

a8c0000cccea652864c0bd5eae58f0a37453f91633f15ce5e5cd343d123b6f11
SHA512

ad3aa7ac3f8932b5b5c6193649483fd0cb9f679641a62014391739d3dcab6f697a647d8a1d6fbf835f1d0eb9747156f853d14cdaf4f3bf923ff6e130b3299847
SSDEEP

12288:h1OgLdaOKkgbJuMmFcouJqkXWctn+MEfOh:h1OYdaOKkgJHJJqkXtMOh

Score

7^/10

adware discovery stealer

Malware Config

Targets

- Target
  
  13729f408b2f6b90266f9d49a260a645_JaffaCakes118
- Size
  
  551KB
- MD5
  
  13729f408b2f6b90266f9d49a260a645
- SHA1
  
  b608bd81ce8369dd7f3f1532ae48c769a48c2329
- SHA256
  
  a8c0000cccea652864c0bd5eae58f0a37453f91633f15ce5e5cd343d123b6f11
- SHA512
  
  ad3aa7ac3f8932b5b5c6193649483fd0cb9f679641a62014391739d3dcab6f697a647d8a1d6fbf835f1d0eb9747156f853d14cdaf4f3bf923ff6e130b3299847
- SSDEEP
  
  12288:h1OgLdaOKkgbJuMmFcouJqkXWctn+MEfOh:h1OYdaOKkgJHJJqkXtMOh
Score

7^/10

adware discovery stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops Chrome extension
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverystealer

behavioral2

adwarediscoverystealer