2cf59d4891eaa879887bdada2c666643cf27c98f74015edae0d18bbb0ebc7eb8 | Triage

Sharing

General

Target

f1284ee9c5a5384518c48e83e2179c95_JaffaCakes118
Size

10KB
Sample

240415-qnttvafd68
MD5

f1284ee9c5a5384518c48e83e2179c95
SHA1

69fe7183827a9bde8b028855a539f263a0b658ec
SHA256

2cf59d4891eaa879887bdada2c666643cf27c98f74015edae0d18bbb0ebc7eb8
SHA512

01fbe24609bb62dbd8ca42cc307708b4e8bef3dc68bec110b0d16e0f0c7f55d72bf2f9a1d4e4267859b486723585dc18f0141af73c0c28974b1b21d2283a8ab7
SSDEEP

192:nbiqIXsP18touF3lcfFf5yqGNHLSX9FQ+kz:biqis9QlcffyqGeHY

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  f1284ee9c5a5384518c48e83e2179c95_JaffaCakes118
- Size
  
  10KB
- MD5
  
  f1284ee9c5a5384518c48e83e2179c95
- SHA1
  
  69fe7183827a9bde8b028855a539f263a0b658ec
- SHA256
  
  2cf59d4891eaa879887bdada2c666643cf27c98f74015edae0d18bbb0ebc7eb8
- SHA512
  
  01fbe24609bb62dbd8ca42cc307708b4e8bef3dc68bec110b0d16e0f0c7f55d72bf2f9a1d4e4267859b486723585dc18f0141af73c0c28974b1b21d2283a8ab7
- SSDEEP
  
  192:nbiqIXsP18touF3lcfFf5yqGNHLSX9FQ+kz:biqis9QlcffyqGeHY
Score

7^/10

persistence spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2