b74cacea74a56cb2539dfc63912e2af4de57dd93c3e3456e6e9d2ceaa10dc2c5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4662ce7806d09eeddb0d9291be5e9b97_JaffaCakes118
Size

2.1MB
Sample

241015-hsypla1cma
MD5

4662ce7806d09eeddb0d9291be5e9b97
SHA1

a390ac0c656ff9df09d2bb06bbc6a5d0c24dd1f0
SHA256

b74cacea74a56cb2539dfc63912e2af4de57dd93c3e3456e6e9d2ceaa10dc2c5
SHA512

fdea753fc5ca910fc2b99b2f6dc072ba18a9413c0ab6a0dd2549ac32566cbc3d98f58c26d34226e6cae7b4c4c968f9ae7d360c1f51363678f918940be27e5f9f
SSDEEP

49152:u9cTfcBU0Ny1x16Yf4WNKlTTKjgvpqQbTh4gUMFIaEOrwGV:JLf664WN4TZpqQbTh4Cb5rw8

Score

7^/10

adware discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  4662ce7806d09eeddb0d9291be5e9b97_JaffaCakes118
- Size
  
  2.1MB
- MD5
  
  4662ce7806d09eeddb0d9291be5e9b97
- SHA1
  
  a390ac0c656ff9df09d2bb06bbc6a5d0c24dd1f0
- SHA256
  
  b74cacea74a56cb2539dfc63912e2af4de57dd93c3e3456e6e9d2ceaa10dc2c5
- SHA512
  
  fdea753fc5ca910fc2b99b2f6dc072ba18a9413c0ab6a0dd2549ac32566cbc3d98f58c26d34226e6cae7b4c4c968f9ae7d360c1f51363678f918940be27e5f9f
- SSDEEP
  
  49152:u9cTfcBU0Ny1x16Yf4WNKlTTKjgvpqQbTh4gUMFIaEOrwGV:JLf664WN4TZpqQbTh4Cb5rw8
Score

7^/10

adware discovery persistence spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverypersistencespywarestealer

behavioral2

adwarediscoverypersistencespywarestealer