f9c1f5f5a666843d1b7b1bbf622fbd8e701a8c7c7d734df82caea1285cbe12da | Triage

Sharing

General

Target

fa1a5ab1280ed5e42c92ef71a4338710_JaffaCakes118
Size

6.7MB
Sample

240419-mh78hagd42
MD5

fa1a5ab1280ed5e42c92ef71a4338710
SHA1

4a7f388bada74ad6802f445507da4a7a38416e59
SHA256

f9c1f5f5a666843d1b7b1bbf622fbd8e701a8c7c7d734df82caea1285cbe12da
SHA512

00014595976b14d3637dff086400a5d51ba5a394d14498cf786e70770d3ab31706006529d4035b99a163c3e5d5cc531676a38b5446925719611895c05e979b75
SSDEEP

196608:w3YPmCsXDjDyf6L2WliXYrHW1L0tFKNf+gVHy:mYPmCEDVL2ciIrHWRkK9+q

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  fa1a5ab1280ed5e42c92ef71a4338710_JaffaCakes118
- Size
  
  6.7MB
- MD5
  
  fa1a5ab1280ed5e42c92ef71a4338710
- SHA1
  
  4a7f388bada74ad6802f445507da4a7a38416e59
- SHA256
  
  f9c1f5f5a666843d1b7b1bbf622fbd8e701a8c7c7d734df82caea1285cbe12da
- SHA512
  
  00014595976b14d3637dff086400a5d51ba5a394d14498cf786e70770d3ab31706006529d4035b99a163c3e5d5cc531676a38b5446925719611895c05e979b75
- SSDEEP
  
  196608:w3YPmCsXDjDyf6L2WliXYrHW1L0tFKNf+gVHy:mYPmCEDVL2ciIrHWRkK9+q
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2