0aaea086946db06c650a16e8ade1b36abbc84cec7a7f54a35e1c8ef88d7ac574 | Triage

Sharing

General

Target

161ad5c5b2530f85f3d0943133eb768e_JaffaCakes118
Size

551KB
Sample

241005-ery27avcqq
MD5

161ad5c5b2530f85f3d0943133eb768e
SHA1

50e8537657bc5f3fd20e780abb7c95b69d944a22
SHA256

0aaea086946db06c650a16e8ade1b36abbc84cec7a7f54a35e1c8ef88d7ac574
SHA512

2086fafa8b46557969cdc0d8651c0ff16d786dc267573b7238041fb92beb6400739f88c64cf4a666327682cf1577f061007515739d60f066dea75ee53be19589
SSDEEP

12288:h1OgLdaO/gbJuMmFcouJqkXWctn+MEfOQ:h1OYdaO/gJHJJqkXtMOQ

Score

7^/10

adware discovery stealer

Malware Config

Targets

- Target
  
  161ad5c5b2530f85f3d0943133eb768e_JaffaCakes118
- Size
  
  551KB
- MD5
  
  161ad5c5b2530f85f3d0943133eb768e
- SHA1
  
  50e8537657bc5f3fd20e780abb7c95b69d944a22
- SHA256
  
  0aaea086946db06c650a16e8ade1b36abbc84cec7a7f54a35e1c8ef88d7ac574
- SHA512
  
  2086fafa8b46557969cdc0d8651c0ff16d786dc267573b7238041fb92beb6400739f88c64cf4a666327682cf1577f061007515739d60f066dea75ee53be19589
- SSDEEP
  
  12288:h1OgLdaO/gbJuMmFcouJqkXWctn+MEfOQ:h1OYdaO/gJHJJqkXtMOQ
Score

7^/10

adware discovery stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops Chrome extension
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverystealer

behavioral2

adwarediscoverystealer