5ffc54749abc7b1257609bcf34413e752a32a2a33bc4e0fead9810221c9c8d43 | Triage

Submit
Reports

Overview

overview

7

Static

static

7

fb71a5ca98...18.exe

windows7-x64

7

fb71a5ca98...18.exe

windows10-2004-x64

7

Sharing

General

Target

fb71a5ca98bd642650e87c3fe250bb4e_JaffaCakes118
Size

176KB
Sample

240419-3v7eqsbf3x
MD5

fb71a5ca98bd642650e87c3fe250bb4e
SHA1

8d62079194fa25d663ad24e323e2a519e136ae97
SHA256

5ffc54749abc7b1257609bcf34413e752a32a2a33bc4e0fead9810221c9c8d43
SHA512

a9d1df789a6a786f51406e1cfa8043e7dccf7f2ab51649b3e5a63d73f5bc33046706b38f7fa2bac5def148723e5c5a32252fd791433166c5a5e54f4a52656864
SSDEEP

3072:dI+YqxxPUhm3i3NEekup07eClffNVT6zQ4bj08YMO+Jc/VVIoYV0rTouh2BP:dIo7UhmSi5iU3DT6zQ4bjAnuSIohrToP

Score

7^/10

persistence spyware stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

fb71a5ca98bd642650e87c3fe250bb4e_JaffaCakes118.exe

Resource

win7-20240215-en

persistence spyware stealer upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

fb71a5ca98bd642650e87c3fe250bb4e_JaffaCakes118.exe

Resource

win10v2004-20240412-en

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  fb71a5ca98bd642650e87c3fe250bb4e_JaffaCakes118
- Size
  
  176KB
- MD5
  
  fb71a5ca98bd642650e87c3fe250bb4e
- SHA1
  
  8d62079194fa25d663ad24e323e2a519e136ae97
- SHA256
  
  5ffc54749abc7b1257609bcf34413e752a32a2a33bc4e0fead9810221c9c8d43
- SHA512
  
  a9d1df789a6a786f51406e1cfa8043e7dccf7f2ab51649b3e5a63d73f5bc33046706b38f7fa2bac5def148723e5c5a32252fd791433166c5a5e54f4a52656864
- SSDEEP
  
  3072:dI+YqxxPUhm3i3NEekup07eClffNVT6zQ4bj08YMO+Jc/VVIoYV0rTouh2BP:dIo7UhmSi5iU3DT6zQ4bjAnuSIohrToP
Score

7^/10

persistence spyware stealer upx
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials in Registry

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

persistencespywarestealerupx

behavioral2

© 2018-2024

Terms | Privacy