594e5a0c688f3120678e3f93ea43b909368254c8fea562746ded1dfb37d26431 | Triage

Sharing

General

Target

3ecb0ce18596ea3aff93491b042e5eee_JaffaCakes118
Size

717KB
Sample

241013-karjns1dqj
MD5

3ecb0ce18596ea3aff93491b042e5eee
SHA1

e0a2bca07f898d0b95b9df5816cfb2429252cc5c
SHA256

594e5a0c688f3120678e3f93ea43b909368254c8fea562746ded1dfb37d26431
SHA512

4a446f8b8b1a27da2ae1d20e8c2f337e22e4c0add11724c2052a5885f4fbf8d0cf77f8530f4ba4d28eeb76c06a6c2c4265b363b90d6679ab50d4917d11afc778
SSDEEP

12288:HKnekrL58ncENBcexehLpJpXMLoATGiwfuzMxSe6IOQ7OqaStWxbY:sLi/NBcThLFXk3yiwEUt6ZzlEWxbY

Score

7^/10

adware discovery spyware stealer

Malware Config

Targets

- Target
  
  3ecb0ce18596ea3aff93491b042e5eee_JaffaCakes118
- Size
  
  717KB
- MD5
  
  3ecb0ce18596ea3aff93491b042e5eee
- SHA1
  
  e0a2bca07f898d0b95b9df5816cfb2429252cc5c
- SHA256
  
  594e5a0c688f3120678e3f93ea43b909368254c8fea562746ded1dfb37d26431
- SHA512
  
  4a446f8b8b1a27da2ae1d20e8c2f337e22e4c0add11724c2052a5885f4fbf8d0cf77f8530f4ba4d28eeb76c06a6c2c4265b363b90d6679ab50d4917d11afc778
- SSDEEP
  
  12288:HKnekrL58ncENBcexehLpJpXMLoATGiwfuzMxSe6IOQ7OqaStWxbY:sLi/NBcThLFXk3yiwEUt6ZzlEWxbY
Score

7^/10

adware discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoveryspywarestealer

behavioral2

adwarediscoveryspywarestealer