4317572f5f13b0edcb1e5ae9a510af21f9ae1635983e1b3095192de971560f87 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

27890f1af0aadfbae6e1baacda23703c_JaffaCakes118
Size

274KB
Sample

241009-ahbhbasamr
MD5

27890f1af0aadfbae6e1baacda23703c
SHA1

c05b9fbf4573132bbfb75da831981439a444910d
SHA256

4317572f5f13b0edcb1e5ae9a510af21f9ae1635983e1b3095192de971560f87
SHA512

85f4ba8d8f821ca77e335a94e8c07728e3fce747f991451fc981098abfc37edae02870f25169da6ac8fa8aecbc9f31c7822cae709719e7145f2a5e6943610da4
SSDEEP

6144:GckNY+ogm5Iibc/POOOOtOOOOOOOOOOOOOOOOOOOO+OOOOOOOOOOOOOOOOOOOOmN:Go54nOOOOtOOOOOOOOOOOOOOOOOOOO+s

Score

7^/10

adware discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  27890f1af0aadfbae6e1baacda23703c_JaffaCakes118
- Size
  
  274KB
- MD5
  
  27890f1af0aadfbae6e1baacda23703c
- SHA1
  
  c05b9fbf4573132bbfb75da831981439a444910d
- SHA256
  
  4317572f5f13b0edcb1e5ae9a510af21f9ae1635983e1b3095192de971560f87
- SHA512
  
  85f4ba8d8f821ca77e335a94e8c07728e3fce747f991451fc981098abfc37edae02870f25169da6ac8fa8aecbc9f31c7822cae709719e7145f2a5e6943610da4
- SSDEEP
  
  6144:GckNY+ogm5Iibc/POOOOtOOOOOOOOOOOOOOOOOOOO+OOOOOOOOOOOOOOOOOOOOmN:Go54nOOOOtOOOOOOOOOOOOOOOOOOOO+s
Score

7^/10

adware discovery persistence spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverypersistencespywarestealer

behavioral2

adwarediscoverypersistencespywarestealer