82cd40a855003c031c7e97841eb1342ab40006a1c3ebfcb904a4a4e422e7e57e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c8f6675ff1e17c474bfb6306bd911b9a_JaffaCakes118
Size

64KB
Sample

240405-dhtknsae9t
MD5

c8f6675ff1e17c474bfb6306bd911b9a
SHA1

1af4861dd639ac17eafb5649df815aa1f4ac853e
SHA256

82cd40a855003c031c7e97841eb1342ab40006a1c3ebfcb904a4a4e422e7e57e
SHA512

9b3096dda3f10ac63e70f9de5f9d5383779b3de9adb4779d5ed2fa716a8e9031fc7548a911590af070acd20d2741b9345174db28a0e85d8381dfc4ec66175290
SSDEEP

1536:hYXVBNDA/6An6qL2vxaddF0GEW6RMZ52WOHKOdLn:gQqvSOGEjaiWCK4

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  c8f6675ff1e17c474bfb6306bd911b9a_JaffaCakes118
- Size
  
  64KB
- MD5
  
  c8f6675ff1e17c474bfb6306bd911b9a
- SHA1
  
  1af4861dd639ac17eafb5649df815aa1f4ac853e
- SHA256
  
  82cd40a855003c031c7e97841eb1342ab40006a1c3ebfcb904a4a4e422e7e57e
- SHA512
  
  9b3096dda3f10ac63e70f9de5f9d5383779b3de9adb4779d5ed2fa716a8e9031fc7548a911590af070acd20d2741b9345174db28a0e85d8381dfc4ec66175290
- SSDEEP
  
  1536:hYXVBNDA/6An6qL2vxaddF0GEW6RMZ52WOHKOdLn:gQqvSOGEjaiWCK4
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer