2310e7ae3cd96867d6185fe0042521534157c9da7ebb25fc972688c8bb7d5a24 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

55b35d90b23c0c198fe61951d2f3d9c3_JaffaCakes118
Size

551KB
Sample

241018-f5sm1asglm
MD5

55b35d90b23c0c198fe61951d2f3d9c3
SHA1

d30cf7ae5504d73eb3b5bb68c42cd78091eee9eb
SHA256

2310e7ae3cd96867d6185fe0042521534157c9da7ebb25fc972688c8bb7d5a24
SHA512

9ce716d0edbb810fd72eb2fd5e52511e11a34a08bc70a154deec1fb483380ff3f066079ec2efd661ebc7e425a025d5d45f5e83cbead50bcbc63f8b437825a49d
SSDEEP

12288:h1OgLdaO8Wctn+MEfOUgbJuMmFcouJqkz:h1OYdaO8tMOUgJHJJqkz

Score

7^/10

adware discovery stealer

Malware Config

Targets

- Target
  
  55b35d90b23c0c198fe61951d2f3d9c3_JaffaCakes118
- Size
  
  551KB
- MD5
  
  55b35d90b23c0c198fe61951d2f3d9c3
- SHA1
  
  d30cf7ae5504d73eb3b5bb68c42cd78091eee9eb
- SHA256
  
  2310e7ae3cd96867d6185fe0042521534157c9da7ebb25fc972688c8bb7d5a24
- SHA512
  
  9ce716d0edbb810fd72eb2fd5e52511e11a34a08bc70a154deec1fb483380ff3f066079ec2efd661ebc7e425a025d5d45f5e83cbead50bcbc63f8b437825a49d
- SSDEEP
  
  12288:h1OgLdaO8Wctn+MEfOUgbJuMmFcouJqkz:h1OYdaO8tMOUgJHJJqkz
Score

7^/10

adware discovery stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops Chrome extension
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverystealer

behavioral2

adwarediscoverystealer