421e0e6a873d54e8c0a9e237f06c56614b551c5a376aed49b73e1c2334b86802 | Triage

Sharing

General

Target

826ac4ac8bd58186603919d44e7c1d38_JaffaCakes118
Size

551KB
Sample

241031-j2dlfsvdkr
MD5

826ac4ac8bd58186603919d44e7c1d38
SHA1

911bdb25be59b6154b43d2cbb097e4705ec1d756
SHA256

421e0e6a873d54e8c0a9e237f06c56614b551c5a376aed49b73e1c2334b86802
SHA512

8a2e81bea35666b8abdc6846e6e2ec866aefe660790ea3038a28a8d4ed3862b026894ba22d4e7b61044bed91d81bb361a09563f296404ab7fdb47a81dc988100
SSDEEP

12288:h1OgLdaOwgbJuMmFcouJqkXWctn+MEfOS:h1OYdaOwgJHJJqkXtMOS

Score

7^/10

adware discovery stealer

Malware Config

Targets

- Target
  
  826ac4ac8bd58186603919d44e7c1d38_JaffaCakes118
- Size
  
  551KB
- MD5
  
  826ac4ac8bd58186603919d44e7c1d38
- SHA1
  
  911bdb25be59b6154b43d2cbb097e4705ec1d756
- SHA256
  
  421e0e6a873d54e8c0a9e237f06c56614b551c5a376aed49b73e1c2334b86802
- SHA512
  
  8a2e81bea35666b8abdc6846e6e2ec866aefe660790ea3038a28a8d4ed3862b026894ba22d4e7b61044bed91d81bb361a09563f296404ab7fdb47a81dc988100
- SSDEEP
  
  12288:h1OgLdaOwgbJuMmFcouJqkXWctn+MEfOS:h1OYdaOwgJHJJqkXtMOS
Score

7^/10

adware discovery stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops Chrome extension
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverystealer

behavioral2

adwarediscoverystealer