0bf8dd9987db9a2a273b1b1df1ced765dfaf2ec784cdd76aa3282c1d37072708 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

170adc5d24276b757f3ccecc7ff739b2_JaffaCakes118
Size

1.1MB
Sample

241005-kzss2awhlj
MD5

170adc5d24276b757f3ccecc7ff739b2
SHA1

7774dc1b7f44386a94b8232933dd11390b4c4048
SHA256

0bf8dd9987db9a2a273b1b1df1ced765dfaf2ec784cdd76aa3282c1d37072708
SHA512

371e6159d3ec605f39700f9b5f4bce2767f0feabd6fd4ab6aaa6ee74d4c2d5d716cc3d545b1a0c945bdcc2fdc574a1714c81b02f236d60fdd904737953d558e4
SSDEEP

24576:h1OYdaOkOBsFEt5hDG0SAMs9jR/jaJnTJdwY68+UhnWb3aQL:h1OsBOEt5hDG0SAMs9j8nTJ2Y68hWGQL

Score

7^/10

adware discovery spyware stealer

Malware Config

Targets

- Target
  
  170adc5d24276b757f3ccecc7ff739b2_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  170adc5d24276b757f3ccecc7ff739b2
- SHA1
  
  7774dc1b7f44386a94b8232933dd11390b4c4048
- SHA256
  
  0bf8dd9987db9a2a273b1b1df1ced765dfaf2ec784cdd76aa3282c1d37072708
- SHA512
  
  371e6159d3ec605f39700f9b5f4bce2767f0feabd6fd4ab6aaa6ee74d4c2d5d716cc3d545b1a0c945bdcc2fdc574a1714c81b02f236d60fdd904737953d558e4
- SSDEEP
  
  24576:h1OYdaOkOBsFEt5hDG0SAMs9jR/jaJnTJdwY68+UhnWb3aQL:h1OsBOEt5hDG0SAMs9j8nTJ2Y68hWGQL
Score

7^/10

adware discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoveryspywarestealer

behavioral2

adwarediscoveryspywarestealer