0f3b78c45e75c4235efceb9a226a39f151d5a16c13283cc48bea5f387308dc36 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2aa52a499a6dcb57fabe909ea99549e7_JaffaCakes118
Size

551KB
Sample

241009-et3hdszbmf
MD5

2aa52a499a6dcb57fabe909ea99549e7
SHA1

d243b1d91a8664d1db0afaa66350edcb025e0c67
SHA256

0f3b78c45e75c4235efceb9a226a39f151d5a16c13283cc48bea5f387308dc36
SHA512

4dd412f2356579926e8fc68afff4961fc3e6e8ae58afebb77e22085981c83c24d74da38755d14bc464cc52052f23c221f5c67c823047e6467bbd579da70bcdf1
SSDEEP

12288:h1OgLdaOngbJuMmFcouJqkXWctn+MEfOt:h1OYdaOngJHJJqkXtMOt

Score

7^/10

adware discovery stealer

Malware Config

Targets

- Target
  
  2aa52a499a6dcb57fabe909ea99549e7_JaffaCakes118
- Size
  
  551KB
- MD5
  
  2aa52a499a6dcb57fabe909ea99549e7
- SHA1
  
  d243b1d91a8664d1db0afaa66350edcb025e0c67
- SHA256
  
  0f3b78c45e75c4235efceb9a226a39f151d5a16c13283cc48bea5f387308dc36
- SHA512
  
  4dd412f2356579926e8fc68afff4961fc3e6e8ae58afebb77e22085981c83c24d74da38755d14bc464cc52052f23c221f5c67c823047e6467bbd579da70bcdf1
- SSDEEP
  
  12288:h1OgLdaOngbJuMmFcouJqkXWctn+MEfOt:h1OYdaOngJHJJqkXtMOt
Score

7^/10

adware discovery stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops Chrome extension
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverystealer

behavioral2

adwarediscoverystealer