20f4280f8ac312a0bdd2887a7cad554f3786fa2c3dfb5964f6a9c9f1a4ef7083 | Triage

Sharing

General

Target

25551fb53a939da08ff2899c0ac64676_JaffaCakes118
Size

551KB
Sample

241008-zqzmjswamm
MD5

25551fb53a939da08ff2899c0ac64676
SHA1

9da7bf230e76435cfb7659b3fb08df2a643caf40
SHA256

20f4280f8ac312a0bdd2887a7cad554f3786fa2c3dfb5964f6a9c9f1a4ef7083
SHA512

3caa80bac696aca3907f15b0fb0fc08d057a258fdf3103f5ba2fa7d991bfe8883a9ffbf7f072513251623ce94173ec8ddd9fce346d2feea6b8038b301bddcd6e
SSDEEP

12288:h1OgLdaOYgbJuMmFcouJqkXWctn+MEfO6:h1OYdaOYgJHJJqkXtMO6

Score

7^/10

adware discovery stealer

Malware Config

Targets

- Target
  
  25551fb53a939da08ff2899c0ac64676_JaffaCakes118
- Size
  
  551KB
- MD5
  
  25551fb53a939da08ff2899c0ac64676
- SHA1
  
  9da7bf230e76435cfb7659b3fb08df2a643caf40
- SHA256
  
  20f4280f8ac312a0bdd2887a7cad554f3786fa2c3dfb5964f6a9c9f1a4ef7083
- SHA512
  
  3caa80bac696aca3907f15b0fb0fc08d057a258fdf3103f5ba2fa7d991bfe8883a9ffbf7f072513251623ce94173ec8ddd9fce346d2feea6b8038b301bddcd6e
- SSDEEP
  
  12288:h1OgLdaOYgbJuMmFcouJqkXWctn+MEfO6:h1OYdaOYgJHJJqkXtMO6
Score

7^/10

adware discovery stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops Chrome extension
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverystealer

behavioral2

adwarediscoverystealer