Malware Analysis Report

2024-09-22 15:25

Sample ID 240405-d7x96abg95
Target c9c937d7791010e40713bf9c7812a532_JaffaCakes118
SHA256 43b21e60d088a3eba1b23f5aac9deb39d86f27a819a2e179a7edbdfd407264af
Tags
stealer pandastealer phoenixstealer
score
10/10

Table of Contents

- Analysis Overview
- MITRE ATT&CK Matrix
- Analysis: static1
  - Detonation Overview
  - Signatures
- Analysis: behavioral1
  - Detonation Overview
  - Command Line
  - Signatures
  - Processes
  - Network
  - Files
- Analysis: behavioral2
  - Detonation Overview
  - Command Line
  - Signatures
  - Processes
  - Network
  - Files

Analysis Overview

score
10/10

SHA256

43b21e60d088a3eba1b23f5aac9deb39d86f27a819a2e179a7edbdfd407264af

Threat Level: Known bad

The file c9c937d7791010e40713bf9c7812a532_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

stealer pandastealer phoenixstealer

Phoenixstealer family

PhoenixStealer

Detect PhoenixStealer

Panda Stealer payload

Pandastealer family

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-04-05 03:39

Signatures

Detect PhoenixStealer

stealer
Description Indicator Process Target
N/A N/A N/A N/A

Panda Stealer payload

Description Indicator Process Target
N/A N/A N/A N/A

Pandastealer family

pandastealer

Phoenixstealer family

phoenixstealer

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-05 03:39

Reported

2024-04-05 03:42

Platform

win7-20240221-en

Max time kernel

122s

Max time network

125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c9c937d7791010e40713bf9c7812a532_JaffaCakes118.exe"

Signatures

PhoenixStealer

stealer phoenixstealer

Processes

C:\Users\Admin\AppData\Local\Temp\c9c937d7791010e40713bf9c7812a532_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\c9c937d7791010e40713bf9c7812a532_JaffaCakes118.exe"

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-05 03:39

Reported

2024-04-05 03:42

Platform

win10v2004-20240226-en

Max time kernel

149s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c9c937d7791010e40713bf9c7812a532_JaffaCakes118.exe"

Signatures

PhoenixStealer

stealer phoenixstealer

Processes

C:\Users\Admin\AppData\Local\Temp\c9c937d7791010e40713bf9c7812a532_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\c9c937d7791010e40713bf9c7812a532_JaffaCakes118.exe"

Network

Country  Destination  Domain                              Proto
US       8.8.8.8:53   133.211.185.52.in-addr.arpa         udp
US       8.8.8.8:53   138.136.73.23.in-addr.arpa          udp
US       8.8.8.8:53   73.159.190.20.in-addr.arpa          udp
US       8.8.8.8:53   150.1.37.23.in-addr.arpa            udp
US       8.8.8.8:53   81.171.91.138.in-addr.arpa          udp
US       8.8.8.8:53   26.165.165.52.in-addr.arpa          udp
US       8.8.8.8:53   206.23.85.13.in-addr.arpa           udp
US       8.8.8.8:53   24.139.73.23.in-addr.arpa           udp
US       8.8.8.8:53   172.210.232.199.in-addr.arpa        udp
US       8.8.8.8:53   22.236.111.52.in-addr.arpa          udp
US       8.8.8.8:53                                       udp

Files

N/A