General

  • Target

    056518f26a873389cbb7e29591c47fef_JaffaCakes118

  • Size

    17.1MB

  • Sample

    240428-rssb9ahg35

  • MD5

    056518f26a873389cbb7e29591c47fef

  • SHA1

    aeb62e0dfae894ec460b0fea6b7eb468ba1e7eba

  • SHA256

    4d625dc62c2cf5fbcd19fb5816ac278168bfcb561ee58acd433220b292cc3c6a

  • SHA512

    93eb81ace5f1a5ab9a793778c71ed22f04565eb5433c7e82a8e4852b5ac855a9b61c4848fc1826b964e015f51222a913046227f26c53f0f861f2f1a3bc8e0362

  • SSDEEP

    98304:XX77GBfWgx1t4+Cgaw7YOXwnS4rV5IDQ61HMEYOXwnS4rVuD:vGBfWO1Gj3ISuQ61CI9

Malware Config

Targets

    • Target

      056518f26a873389cbb7e29591c47fef_JaffaCakes118

    • Contacts a large number (786) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic                 Technique                                ID          Count
Persistence            Boot or Logon Autostart Execution        T1547       1
                         Registry Run Keys / Startup Folder     T1547.001   1
Privilege Escalation   Boot or Logon Autostart Execution        T1547       1
                         Registry Run Keys / Startup Folder     T1547.001   1
Defense Evasion        Modify Registry                          T1112       2
Credential Access      Unsecured Credentials                    T1552       1
                         Credentials In Files                   T1552.001   1
Discovery              Network Service Discovery                T1046       1
Collection             Data from Local System                   T1005       1

Tasks