56448363adf1a752c3850912e0686c7181bf785280085f754abca6e70506b2ae | Triage

Sharing

General

Target

fb66afa7fafa1972699a1dccc19cd883_JaffaCakes118
Size

72KB
Sample

240419-3d8apsbb31
MD5

fb66afa7fafa1972699a1dccc19cd883
SHA1

e35ed782c00795422799a6ab3c3bd14ae33aa4d6
SHA256

56448363adf1a752c3850912e0686c7181bf785280085f754abca6e70506b2ae
SHA512

f6c84e3c15fddf47eecb097690fcd09aafe0ff718534feabe310e0be3c64d7c9496e225f42ac41632a4bb0698e3264986f3d41ddb3116b8fab046e711b98071c
SSDEEP

1536:BlcbkxQBjOPbvD+YAO5xztwM6HBY46qax:BlikxQUPuhOzzP6HBSx

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  fb66afa7fafa1972699a1dccc19cd883_JaffaCakes118
- Size
  
  72KB
- MD5
  
  fb66afa7fafa1972699a1dccc19cd883
- SHA1
  
  e35ed782c00795422799a6ab3c3bd14ae33aa4d6
- SHA256
  
  56448363adf1a752c3850912e0686c7181bf785280085f754abca6e70506b2ae
- SHA512
  
  f6c84e3c15fddf47eecb097690fcd09aafe0ff718534feabe310e0be3c64d7c9496e225f42ac41632a4bb0698e3264986f3d41ddb3116b8fab046e711b98071c
- SSDEEP
  
  1536:BlcbkxQBjOPbvD+YAO5xztwM6HBY46qax:BlikxQUPuhOzzP6HBSx
Score

7^/10

spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2