3fe269ab1fc1930ab652aef4f7333ed16403f864b8a8da052b4a27287100184e | Triage

Sharing

General

Target

382a06e237bb0e62f531959698158a0f_JaffaCakes118
Size

551KB
Sample

241012-dndreatgrj
MD5

382a06e237bb0e62f531959698158a0f
SHA1

4a64b4e77a477c46bf4e227fe8f42c58a5a593f8
SHA256

3fe269ab1fc1930ab652aef4f7333ed16403f864b8a8da052b4a27287100184e
SHA512

492625a6981fe1d2c53e9fc04eee0755083a1f1bf458d6c4c6c120370bb7ec64e57a7a8e8c16261d220a29b95492a5ed78b51ae6aeff495683ba7403a34eeadb
SSDEEP

12288:h1OgLdaOJWctn+MEfOUgbJuMmFcouJqkZ:h1OYdaOJtMOUgJHJJqkZ

Score

7^/10

adware discovery stealer

Malware Config

Targets

- Target
  
  382a06e237bb0e62f531959698158a0f_JaffaCakes118
- Size
  
  551KB
- MD5
  
  382a06e237bb0e62f531959698158a0f
- SHA1
  
  4a64b4e77a477c46bf4e227fe8f42c58a5a593f8
- SHA256
  
  3fe269ab1fc1930ab652aef4f7333ed16403f864b8a8da052b4a27287100184e
- SHA512
  
  492625a6981fe1d2c53e9fc04eee0755083a1f1bf458d6c4c6c120370bb7ec64e57a7a8e8c16261d220a29b95492a5ed78b51ae6aeff495683ba7403a34eeadb
- SSDEEP
  
  12288:h1OgLdaOJWctn+MEfOUgbJuMmFcouJqkZ:h1OYdaOJtMOUgJHJJqkZ
Score

7^/10

adware discovery stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops Chrome extension
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverystealer

behavioral2

adwarediscoverystealer