General

  • Target

    e9f5788ba2b875d7debe7d398d0eb4b1_JaffaCakes118

  • Size

    643KB

  • Sample

    240409-pb63zahh4w

  • MD5

    e9f5788ba2b875d7debe7d398d0eb4b1

  • SHA1

    821bfe0ddd6384c02a8c5565a1689702d3d44a53

  • SHA256

    211f69de0184d66a4525463a4056932fb7fea95d96ebfce09930d295e95488cd

  • SHA512

    ac6d1e2882120e26ca1d99e77bb0c64923e086e697ae839f4e6b0ec237fb3880859f2e03d5729107685470068691353388fbd1adace9bd80894133d2cdc5bd5b

  • SSDEEP

    12288:VLG6JA70VxW6hSlLOQ0UCKO6H88DdMBLZoVjiIwaghvTDAsAuFekhX7xp/L6i6Y:VC6JK2hkLOhUCKO6cidw6jWaQ/FekhL1

Malware Config

Targets

    • Target

      e9f5788ba2b875d7debe7d398d0eb4b1_JaffaCakes118

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks