Analysis Overview
SHA256
43b21e60d088a3eba1b23f5aac9deb39d86f27a819a2e179a7edbdfd407264af
Threat Level: Known bad
The file c9c937d7791010e40713bf9c7812a532_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Phoenixstealer family
PhoenixStealer
Detect PhoenixStealer
Panda Stealer payload
Pandastealer family
Unsigned PE
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-04-05 03:39
Signatures
Detect PhoenixStealer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Panda Stealer payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Pandastealer family
Phoenixstealer family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-05 03:39
Reported
2024-04-05 03:42
Platform
win7-20240221-en
Max time kernel
122s
Max time network
125s
Command Line
Signatures
PhoenixStealer
Processes
C:\Users\Admin\AppData\Local\Temp\c9c937d7791010e40713bf9c7812a532_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\c9c937d7791010e40713bf9c7812a532_JaffaCakes118.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-05 03:39
Reported
2024-04-05 03:42
Platform
win10v2004-20240226-en
Max time kernel
149s
Max time network
149s
Command Line
Signatures
PhoenixStealer
Processes
C:\Users\Admin\AppData\Local\Temp\c9c937d7791010e40713bf9c7812a532_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\c9c937d7791010e40713bf9c7812a532_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.136.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.1.37.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.171.91.138.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.139.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | udp |