79970c83431a8ab3549c6f16f45d23c751de916b6c088d4d9f4b4242d80fbbce | Triage

Sharing

Copy URL Twitter E-mail

General

Target

156ecc978c8b6b884d1c00a86461bad0_JaffaCakes118
Size

256KB
Sample

240329-b58a8sec3s
MD5

156ecc978c8b6b884d1c00a86461bad0
SHA1

7cca99d037638136118904bc70af5e94e004066e
SHA256

79970c83431a8ab3549c6f16f45d23c751de916b6c088d4d9f4b4242d80fbbce
SHA512

0f6435338dfaf5872c82be1ecae0fabf462baaeff81d621eb51dfdb2cd29486775d61a26047443e0ec08b2106ca0dcec49450fc6d384bc625e005470bf3e2689
SSDEEP

6144:lPvl0fEhRRkVMcK6DfEhRjyq5N3lTHfEhRRkVMcK6DfEhR:QfEdYFfE3y6xlzfEdYFfE

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  156ecc978c8b6b884d1c00a86461bad0_JaffaCakes118
- Size
  
  256KB
- MD5
  
  156ecc978c8b6b884d1c00a86461bad0
- SHA1
  
  7cca99d037638136118904bc70af5e94e004066e
- SHA256
  
  79970c83431a8ab3549c6f16f45d23c751de916b6c088d4d9f4b4242d80fbbce
- SHA512
  
  0f6435338dfaf5872c82be1ecae0fabf462baaeff81d621eb51dfdb2cd29486775d61a26047443e0ec08b2106ca0dcec49450fc6d384bc625e005470bf3e2689
- SSDEEP
  
  6144:lPvl0fEhRRkVMcK6DfEhRjyq5N3lTHfEhRRkVMcK6DfEhR:QfEdYFfE3y6xlzfEdYFfE
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer