a6d2459e454472e4005e2ef23b943d90ab64e46ab0ca6e1735617059c60bfe00 | Triage

Submit
Reports

Overview

overview

9

Static

static

7

f83a20f718...18.exe

windows7-x64

9

f83a20f718...18.exe

windows10-2004-x64

9

Sharing

General

Target

f83a20f718d2b719452e9554e7bfd047_JaffaCakes118
Size

4.2MB
Sample

240418-r6lrmaga97
MD5

f83a20f718d2b719452e9554e7bfd047
SHA1

2980fb923fe8609924194a6eacd701b7f9bcb373
SHA256

a6d2459e454472e4005e2ef23b943d90ab64e46ab0ca6e1735617059c60bfe00
SHA512

2ea6802430ff3c0de84556ad43e9f6a9062b9c9bd254e75efa1a547fb56807e0333a5fec7892d884206045c9db9880cd9df91ead4be373157ef153d03cd80745
SSDEEP

98304:/7zvc7Vd6JvVzBPeZH7V2dp03aGOSic+uDbysEhWNR+Yi9xOnBN9xrAHEn16zoCR:/7w7EreSNSPyAnBN9xl16zoCHOo

Score

9^/10

collection persistence spyware stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

f83a20f718d2b719452e9554e7bfd047_JaffaCakes118.exe

Resource

win7-20240221-en

collection persistence spyware stealer upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

f83a20f718d2b719452e9554e7bfd047_JaffaCakes118.exe

Resource

win10v2004-20240412-en

collection persistence spyware stealer upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  f83a20f718d2b719452e9554e7bfd047_JaffaCakes118
- Size
  
  4.2MB
- MD5
  
  f83a20f718d2b719452e9554e7bfd047
- SHA1
  
  2980fb923fe8609924194a6eacd701b7f9bcb373
- SHA256
  
  a6d2459e454472e4005e2ef23b943d90ab64e46ab0ca6e1735617059c60bfe00
- SHA512
  
  2ea6802430ff3c0de84556ad43e9f6a9062b9c9bd254e75efa1a547fb56807e0333a5fec7892d884206045c9db9880cd9df91ead4be373157ef153d03cd80745
- SSDEEP
  
  98304:/7zvc7Vd6JvVzBPeZH7V2dp03aGOSic+uDbysEhWNR+Yi9xOnBN9xrAHEn16zoCR:/7w7EreSNSPyAnBN9xl16zoCHOo
Score

9^/10

collection persistence spyware stealer upx
- NirSoft MailPassView
  Password recovery tool for various email clients
- Nirsoft
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses Microsoft Outlook accounts
  collection
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

collectionpersistencespywarestealerupx

behavioral2

collectionpersistencespywarestealerupx

© 2018-2024

Terms | Privacy