264e63bf2f1fe49f109a3b4cf265bc0fe1fa1bc5e75f0ac66e26a1230397e2a6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4100c4c8dc629767495e2e3b38ad7ec2_JaffaCakes118
Size

551KB
Sample

241013-vd4craxblf
MD5

4100c4c8dc629767495e2e3b38ad7ec2
SHA1

bd2122fa830c6ca468eee994aaf37d72dee8108a
SHA256

264e63bf2f1fe49f109a3b4cf265bc0fe1fa1bc5e75f0ac66e26a1230397e2a6
SHA512

28e0fd78702ac1f66aaccdbc147ae01adf0bd56dc6f6b7d9e94f8e27e8210b3801efde174c636b53010c0202b4c38f53d0aa12d6be9b299d392cbff8d0288f03
SSDEEP

12288:h1OgLdaOCWctn+MEfOUgbJuMmFcouJqkN:h1OYdaOCtMOUgJHJJqkN

Score

7^/10

adware discovery stealer

Malware Config

Targets

- Target
  
  4100c4c8dc629767495e2e3b38ad7ec2_JaffaCakes118
- Size
  
  551KB
- MD5
  
  4100c4c8dc629767495e2e3b38ad7ec2
- SHA1
  
  bd2122fa830c6ca468eee994aaf37d72dee8108a
- SHA256
  
  264e63bf2f1fe49f109a3b4cf265bc0fe1fa1bc5e75f0ac66e26a1230397e2a6
- SHA512
  
  28e0fd78702ac1f66aaccdbc147ae01adf0bd56dc6f6b7d9e94f8e27e8210b3801efde174c636b53010c0202b4c38f53d0aa12d6be9b299d392cbff8d0288f03
- SSDEEP
  
  12288:h1OgLdaOCWctn+MEfOUgbJuMmFcouJqkN:h1OYdaOCtMOUgJHJJqkN
Score

7^/10

adware discovery stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops Chrome extension
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverystealer

behavioral2

adwarediscoverystealer