17eae4f4cff1a761dc553a58407a1c9a1d0c8458fac5e8c0d27a13827e08dc93 | Triage

Sharing

General

Target

b4efb4a1dae40d30135a1d1b43850843_JaffaCakes118
Size

551KB
Sample

241130-fwk7katqdz
MD5

b4efb4a1dae40d30135a1d1b43850843
SHA1

26c94aeb1b1eb266553051131a84f55876d4181a
SHA256

17eae4f4cff1a761dc553a58407a1c9a1d0c8458fac5e8c0d27a13827e08dc93
SHA512

eb8fa2a12e03020d2ae7bd91ca2f119ee13f977d4682cab657fc4eb9da6acbc9838812606041608952b154df7efd28f07e339aaa042dc280ae5ed015c76d97ae
SSDEEP

12288:h1OgLdaOAWctn+MEfOUgbJuMmFcouJqkG:h1OYdaOAtMOUgJHJJqkG

Score

7^/10

adware discovery stealer

Malware Config

Targets

- Target
  
  b4efb4a1dae40d30135a1d1b43850843_JaffaCakes118
- Size
  
  551KB
- MD5
  
  b4efb4a1dae40d30135a1d1b43850843
- SHA1
  
  26c94aeb1b1eb266553051131a84f55876d4181a
- SHA256
  
  17eae4f4cff1a761dc553a58407a1c9a1d0c8458fac5e8c0d27a13827e08dc93
- SHA512
  
  eb8fa2a12e03020d2ae7bd91ca2f119ee13f977d4682cab657fc4eb9da6acbc9838812606041608952b154df7efd28f07e339aaa042dc280ae5ed015c76d97ae
- SSDEEP
  
  12288:h1OgLdaOAWctn+MEfOUgbJuMmFcouJqkG:h1OYdaOAtMOUgJHJJqkG
Score

7^/10

adware discovery stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops Chrome extension
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverystealer

behavioral2

adwarediscoverystealer