47397c130d34b19bbf0d29250f742efeb71b00c4ebdc4daa084682e367d09039 | Triage

Sharing

General

Target

256a20b40f27aa8c2a6cbaf7bbb79f5d_JaffaCakes118
Size

551KB
Sample

241008-zv1emswdpp
MD5

256a20b40f27aa8c2a6cbaf7bbb79f5d
SHA1

84aaafe14f751ee7d3907541c37591c6215d916e
SHA256

47397c130d34b19bbf0d29250f742efeb71b00c4ebdc4daa084682e367d09039
SHA512

dcaf0808c3ecd302824f73cae5b6887e76ea6429d4743f10ff0d108ac6bcd2606bcf7fc6fcdb9c3f9899a61d12a7ef73ccc1f989a671bf9b0399ea833750d93a
SSDEEP

12288:h1OgLdaOZWctn+MEfOUgbJuMmFcouJqkk:h1OYdaOZtMOUgJHJJqkk

Score

7^/10

adware discovery stealer

Malware Config

Targets

- Target
  
  256a20b40f27aa8c2a6cbaf7bbb79f5d_JaffaCakes118
- Size
  
  551KB
- MD5
  
  256a20b40f27aa8c2a6cbaf7bbb79f5d
- SHA1
  
  84aaafe14f751ee7d3907541c37591c6215d916e
- SHA256
  
  47397c130d34b19bbf0d29250f742efeb71b00c4ebdc4daa084682e367d09039
- SHA512
  
  dcaf0808c3ecd302824f73cae5b6887e76ea6429d4743f10ff0d108ac6bcd2606bcf7fc6fcdb9c3f9899a61d12a7ef73ccc1f989a671bf9b0399ea833750d93a
- SSDEEP
  
  12288:h1OgLdaOZWctn+MEfOUgbJuMmFcouJqkk:h1OYdaOZtMOUgJHJJqkk
Score

7^/10

adware discovery stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops Chrome extension
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverystealer

behavioral2

adwarediscoverystealer