f184beab964fd535047f9e1420712131727e9c48a6e230c1e3b446970d4ffacc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

458c5411882025a39306cf39375b4cea_JaffaCakes118
Size

717KB
Sample

241015-dp3f6awaqj
MD5

458c5411882025a39306cf39375b4cea
SHA1

b3b039c2ba1702db3559b583b945e534f4b273b6
SHA256

f184beab964fd535047f9e1420712131727e9c48a6e230c1e3b446970d4ffacc
SHA512

aa2f50ec9861ab06fa1d5830c5a9f14c88ddb87ae3252cfe7b5e9ae770d31d14b8cb05c102f2d4cbfe278b6e91739b0ba55c68b283f16bf6d53e2fd31cb2cdb4
SSDEEP

12288:BKnekrL58aUQAU1bfEtFPVUx20WYAZl0SzMZ5GXIiNyAM2u+Z+GTnePjSXH:OLiaRAU1zsPOWYAPzTY2yMxsG6Lc

Score

7^/10

adware discovery spyware stealer

Malware Config

Targets

- Target
  
  458c5411882025a39306cf39375b4cea_JaffaCakes118
- Size
  
  717KB
- MD5
  
  458c5411882025a39306cf39375b4cea
- SHA1
  
  b3b039c2ba1702db3559b583b945e534f4b273b6
- SHA256
  
  f184beab964fd535047f9e1420712131727e9c48a6e230c1e3b446970d4ffacc
- SHA512
  
  aa2f50ec9861ab06fa1d5830c5a9f14c88ddb87ae3252cfe7b5e9ae770d31d14b8cb05c102f2d4cbfe278b6e91739b0ba55c68b283f16bf6d53e2fd31cb2cdb4
- SSDEEP
  
  12288:BKnekrL58aUQAU1bfEtFPVUx20WYAZl0SzMZ5GXIiNyAM2u+Z+GTnePjSXH:OLiaRAU1zsPOWYAPzTY2yMxsG6Lc
Score

7^/10

adware discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoveryspywarestealer

behavioral2

adwarediscoveryspywarestealer