8f6e28c271eb2b8d7aa84b48d2a08b4f3b78948e2e66a3943724a62ac81dee43 | Triage

Sharing

General

Target

26f5746bcf7f27c4f7062ee2c1eb0c6e_JaffaCakes118
Size

551KB
Sample

241008-3bp2ca1hqh
MD5

26f5746bcf7f27c4f7062ee2c1eb0c6e
SHA1

5eab25551220a7911eaa19297ce88b54421dc6a9
SHA256

8f6e28c271eb2b8d7aa84b48d2a08b4f3b78948e2e66a3943724a62ac81dee43
SHA512

0a3459a77094b02fe73f626b92152a51b655e2891d5e89508dd4ac855f9269188816696e5ef3b4eb398c3cf4f0c9a39cc5bd202cdc575231436c760ae1964cc8
SSDEEP

12288:h1OgLdaORvoNhWctn+MEfOUgbJuMmFcouJqkp:h1OYdaO9oNhtMOUgJHJJqkp

Score

7^/10

adware discovery stealer

Malware Config

Targets

- Target
  
  26f5746bcf7f27c4f7062ee2c1eb0c6e_JaffaCakes118
- Size
  
  551KB
- MD5
  
  26f5746bcf7f27c4f7062ee2c1eb0c6e
- SHA1
  
  5eab25551220a7911eaa19297ce88b54421dc6a9
- SHA256
  
  8f6e28c271eb2b8d7aa84b48d2a08b4f3b78948e2e66a3943724a62ac81dee43
- SHA512
  
  0a3459a77094b02fe73f626b92152a51b655e2891d5e89508dd4ac855f9269188816696e5ef3b4eb398c3cf4f0c9a39cc5bd202cdc575231436c760ae1964cc8
- SSDEEP
  
  12288:h1OgLdaORvoNhWctn+MEfOUgbJuMmFcouJqkp:h1OYdaO9oNhtMOUgJHJJqkp
Score

7^/10

adware discovery stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops Chrome extension
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverystealer

behavioral2

adwarediscoverystealer