71a5013fe788f7e6673bb1c659ae8eea1f2ecefcf3d157f0f48a3b5163b3991c | Triage

Sharing

General

Target

3ddf57664aac51e50550b65ab839fd73_JaffaCakes118
Size

552KB
Sample

241013-feblsstglp
MD5

3ddf57664aac51e50550b65ab839fd73
SHA1

b7c1b83a9e5060b659ea52d66c14d34d2e2ae820
SHA256

71a5013fe788f7e6673bb1c659ae8eea1f2ecefcf3d157f0f48a3b5163b3991c
SHA512

8ee1f80560762986ac5e83a77341a42da26a30070a8b0d90176117b1870c7783bc712a2a1c6ff63679b1ad0b50e0f65735f6ff975174a25a67e4af727e3de659
SSDEEP

12288:h1OgLdaO4Wctn+MEfOUgbJuMmFcouJqku:h1OYdaO4tMOUgJHJJqku

Score

7^/10

adware discovery stealer

Malware Config

Targets

- Target
  
  3ddf57664aac51e50550b65ab839fd73_JaffaCakes118
- Size
  
  552KB
- MD5
  
  3ddf57664aac51e50550b65ab839fd73
- SHA1
  
  b7c1b83a9e5060b659ea52d66c14d34d2e2ae820
- SHA256
  
  71a5013fe788f7e6673bb1c659ae8eea1f2ecefcf3d157f0f48a3b5163b3991c
- SHA512
  
  8ee1f80560762986ac5e83a77341a42da26a30070a8b0d90176117b1870c7783bc712a2a1c6ff63679b1ad0b50e0f65735f6ff975174a25a67e4af727e3de659
- SSDEEP
  
  12288:h1OgLdaO4Wctn+MEfOUgbJuMmFcouJqku:h1OYdaO4tMOUgJHJJqku
Score

7^/10

adware discovery stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops Chrome extension
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverystealer

behavioral2

adwarediscoverystealer