General

  • Target

    Caffeine AIO [V8.2].exe

  • Size

    16.7MB

  • Sample

    240311-btdbqaha41

  • MD5

    e18061b4ca683e091093dd97c1299b10

  • SHA1

    7712484430df39eadb1078936737272b6c8242df

  • SHA256

    ebc2624157cf13771edcc83d0066afb489cdf6220400ac66d264af2415306f13

  • SHA512

    e93ed72ca0a7f5fe9a0884d5439bcbdea3101d5596bef73055180d444f4e8f7829432091001c65403798b343448463b058a088843b077dcb517772375a5c8461

  • SSDEEP

    393216:Vu7L/bP8AxYDwdQusl7Q+l9RoWOv+9faTS7uQmTI:VCL4XsdQu2QGborvSin

Malware Config

Targets

    • Modifies Windows Firewall

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar data.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks