General

  • Target

    fbc443f8fde03f0f0c4bf5a3a67bbd70_JaffaCakes118

  • Size

    49KB

  • Sample

    240420-dcgc6aed97

  • MD5

    fbc443f8fde03f0f0c4bf5a3a67bbd70

  • SHA1

    14f3d1b82b5590984cf4e59da9d3cce34d9d9796

  • SHA256

    bc8a67b0d01a95bcd5dc58d36459d48e791d74f6bc1fdefd216aa655eb173157

  • SHA512

    6a136e4c7e195152a59896ec74bbc6444f4b28114e649c1fb248619003a2321d66b95b888b262fb40a82a0253968077aee6f6b42d9ff832712a1bb42c4e30869

  • SSDEEP

    768:xjqHOrfQTDYMCbqYp8T3dxZrGIKwYiDrEcPHccOjF2zDZNut:xmKCCbnOdxZVKtcEc/4jiNu

Targets

    • Target

      fbc443f8fde03f0f0c4bf5a3a67bbd70_JaffaCakes118

    • Modifies firewall policy service

    • Checks BIOS information in registry

      The firmware vendor and product strings stored under HKLM\HARDWARE\DESCRIPTION\System are commonly read to detect virtual machines and sandbox environments before the payload runs.

    • Reads user/profile data of web browsers

      Infostealers commonly read browser profile data, which can include saved credentials, cookies and session tokens.

    • UPX packed file

      The executable is packed with UPX or a modified build of the open-source UPX packer; the sample must be unpacked before static analysis of its real code.
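
The "Checks BIOS information in registry" signature above describes a lookup, not the strings it looks for. The following is an added example, not code from this report or from the sandbox's rule set: it reads the same registry values (when run on Windows) and classifies them against a marker list, which is an assumption for illustration rather than the sample's own string table. The two registry snapshots are constructed, not captured from this run.

```python
"""Sandbox check via BIOS strings in the registry (added illustration)."""
import sys

# HKLM key whose values hold the firmware-reported vendor/product strings.
BIOS_KEY = r"HARDWARE\DESCRIPTION\System\BIOS"
BIOS_VALUES = ("SystemManufacturer", "SystemProductName",
               "BIOSVendor", "BIOSVersion")

# Substrings that identify common hypervisors or analysis VMs.
# Assumed list for illustration; real samples carry their own table.
VM_MARKERS = ("vmware", "virtualbox", "vbox", "innotek", "qemu", "bochs",
              "xen", "hyper-v", "virtual machine", "parallels", "kvm")


def read_bios_values():
    """Read the BIOS values from HKLM; {} when not on Windows or on error."""
    if sys.platform != "win32":
        return {}
    import winreg
    values = {}
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, BIOS_KEY) as key:
            for name in BIOS_VALUES:
                try:
                    values[name] = winreg.QueryValueEx(key, name)[0]
                except OSError:
                    continue  # value absent on this machine
    except OSError:
        return {}
    return values


def vm_indicators(values):
    """Return (value_name, marker) pairs for every VM marker found."""
    hits = []
    for name, data in values.items():
        text = str(data).lower()
        hits.extend((name, m) for m in VM_MARKERS if m in text)
    return hits


def looks_like_sandbox(values):
    """True when any BIOS value betrays a hypervisor."""
    return bool(vm_indicators(values))


# Constructed registry snapshots (not captured from the sandbox run).
SNAPSHOT_VIRTUALBOX = {
    "SystemManufacturer": "innotek GmbH",
    "SystemProductName": "VirtualBox",
    "BIOSVendor": "innotek GmbH",
    "BIOSVersion": "VirtualBox",
}
SNAPSHOT_BARE_METAL = {
    "SystemManufacturer": "Dell Inc.",
    "SystemProductName": "Latitude 7420",
    "BIOSVendor": "Dell Inc.",
    "BIOSVersion": "1.21.0",
}

if __name__ == "__main__":
    # Use the live registry on Windows, otherwise the constructed VM snapshot.
    live = read_bios_values() or SNAPSHOT_VIRTUALBOX
    for name, marker in vm_indicators(live):
        print(f"{name}: matched '{marker}'")
    print("sandbox-like" if looks_like_sandbox(live) else "no VM markers")
```

Two practical notes. Sysmon records registry value writes (Event ID 13) but not reads, so this lookup is only visible through API monitoring inside the sandbox, which is how the signature above fires. For sandbox operators, the mirror image of this check is to populate these values with OEM-looking strings so the sample proceeds to its payload.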

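The "UPX packed file" signature notes that a modified UPX build is matched as well as the stock packer, which matters because a modified build usually renames the telltale UPX0/UPX1 sections. The following is an added example, not code from this report or the sandbox's rule: a minimal PE section-table parser that checks section names and, as a fallback for renamed sections, the empty-first-section plus high-entropy-body layout UPX leaves behind. The PE images it runs on are constructed in memory by build_pe (assumed helper, not a real binary); the 7.0 entropy threshold and the 64-byte minimum are assumptions.

```python
"""Heuristic UPX packing check from the PE section table (added example)."""
import math
import struct
from collections import Counter

# Section names used by stock UPX builds.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def shannon_entropy(data):
    """Bits per byte; 8.0 for uniformly random data, 0.0 for a constant."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_sections(pe):
    """Return [(name, raw_bytes)] for each section of an in-memory PE image."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + opt_size            # section headers follow the optional header
    sections = []
    for i in range(num_sections):
        off = table + 40 * i
        name = pe[off:off + 8].rstrip(b"\0")
        raw_size, raw_ptr = struct.unpack_from("<II", pe, off + 16)
        sections.append((name, pe[raw_ptr:raw_ptr + raw_size]))
    return sections


def upx_verdict(pe, entropy_threshold=7.0):
    """Flag UPX-style packing by section names or by UPX's section layout."""
    sections = parse_sections(pe)
    names = [n for n, _ in sections]
    by_name = any(n in UPX_SECTION_NAMES for n in names)
    # A modified UPX renames sections, but the compressed body stays high
    # entropy and the first section (the unpacking destination) has no raw data.
    high_entropy = any(len(d) >= 64 and shannon_entropy(d) >= entropy_threshold
                       for _, d in sections)
    empty_first = bool(sections) and len(sections[0][1]) == 0
    return {"section_names": names, "upx_names": by_name,
            "high_entropy": high_entropy, "empty_first_section": empty_first,
            "packed": by_name or (empty_first and high_entropy)}


def build_pe(sections):
    """Construct a minimal PE32 image with the given [(name, data)] (test input only)."""
    e_lfanew, opt_size = 0x80, 0xE0
    hdr_end = e_lfanew + 4 + 20 + opt_size + 40 * len(sections)
    raw_ptr = (hdr_end + 0x1FF) & ~0x1FF   # 512-byte file alignment
    img = bytearray(b"MZ" + b"\0" * (e_lfanew - 2))
    struct.pack_into("<I", img, 0x3C, e_lfanew)
    img += b"PE\0\0"
    img += struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    img += struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    bodies = bytearray()
    for name, data in sections:
        ptr = raw_ptr + len(bodies) if data else 0
        img += name.ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", len(data), 0, len(data), ptr, 0, 0, 0, 0, 0x60000020)
        bodies += data
    img += b"\0" * (raw_ptr - len(img))
    return bytes(img + bodies)


# Constructed samples: stock UPX layout, renamed-section UPX layout, plain binary.
HIGH_ENTROPY = bytes(range(256)) * 16
PACKED_SAMPLE = build_pe([(b"UPX0", b""), (b"UPX1", HIGH_ENTROPY), (b".rsrc", b"\0" * 512)])
RENAMED_SAMPLE = build_pe([(b".text", b""), (b".data", HIGH_ENTROPY)])
PLAIN_SAMPLE = build_pe([(b".text", b"\x90" * 4096), (b".data", b"hello world\0" * 100)])

if __name__ == "__main__":
    for label, pe in (("stock", PACKED_SAMPLE), ("renamed", RENAMED_SAMPLE), ("plain", PLAIN_SAMPLE)):
        print(label, upx_verdict(pe))
```

Run against a real file with `upx_verdict(open(path, "rb").read())`. The entropy fallback also fires on other compressors and on encrypted overlays, so treat "packed" as a triage hint, not an identification of UPX specifically.
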
MITRE ATT&CK Matrix (ATT&CK v13)

Each technique is followed by the number of signatures above that map to it.

Persistence

  • Create or Modify System Process (T1543): 1 signature
    • Windows Service (T1543.003): 1 signature

Privilege Escalation

  • Create or Modify System Process (T1543): 1 signature
    • Windows Service (T1543.003): 1 signature

Defense Evasion

  • Modify Registry (T1112): 1 signature

Credential Access

  • Unsecured Credentials (T1552): 1 signature
    • Credentials In Files (T1552.001): 1 signature

Discovery

  • Query Registry (T1012): 1 signature
  • System Information Discovery (T1082): 1 signature

Collection

  • Data from Local System (T1005): 1 signature

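The Credential Access and Collection rows (T1552.001, T1005) come from the "Reads user/profile data of web browsers" signature. The following is an added detection example, not part of this report: it scans file-access events for reads of browser credential stores by anything other than the browser itself and tags each finding with those two technique IDs. The path patterns, the browser allow-list and the telemetry events are constructed for illustration; the process name sample.exe is hypothetical and not the sample's on-disk name.

```python
"""Flag non-browser reads of browser credential stores (added example)."""
import re
from pathlib import PureWindowsPath

# Browser profile artefacts holding saved logins, cookies and key material.
# Assumed patterns for illustration; extend per browser and version.
BROWSER_STORES = [
    (r"\\Google\\Chrome\\User Data\\[^\\]+\\Login Data$", "Chrome saved logins"),
    (r"\\Google\\Chrome\\User Data\\[^\\]+\\(Network\\)?Cookies$", "Chrome cookies"),
    (r"\\Microsoft\\Edge\\User Data\\[^\\]+\\Login Data$", "Edge saved logins"),
    (r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\logins\.json$", "Firefox saved logins"),
    (r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\key4\.db$", "Firefox key database"),
]
TECHNIQUES = ("T1552.001", "T1005")   # Credentials In Files, Data from Local System

# Processes expected to open their own profile files (assumed allow-list).
BROWSER_PROCESSES = {"chrome.exe", "msedge.exe", "firefox.exe"}


def classify_event(event):
    """event: {'process': image path, 'path': file opened}. Finding dict or None."""
    path = event["path"]
    proc = PureWindowsPath(event["process"]).name.lower()
    for pattern, label in BROWSER_STORES:
        if re.search(pattern, path, re.IGNORECASE):
            if proc in BROWSER_PROCESSES:
                return None   # the browser reading its own profile is expected
            return {"process": proc, "path": path, "store": label,
                    "techniques": TECHNIQUES}
    return None


def scan(events):
    """Return the findings for a batch of file-access events."""
    return [f for f in (classify_event(e) for e in events) if f]


# Constructed telemetry (not taken from the sandbox run).
SAMPLE_EVENTS = [
    {"process": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "path": r"C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"process": r"C:\Users\bob\AppData\Local\Temp\sample.exe",
     "path": r"C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"process": r"C:\Users\bob\AppData\Local\Temp\sample.exe",
     "path": r"C:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\abc123.default-release\logins.json"},
    {"process": r"C:\Users\bob\AppData\Local\Temp\sample.exe",
     "path": r"C:\Users\bob\Documents\notes.txt"},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(f"{finding['process']} read {finding['store']}: "
              f"{finding['path']} [{', '.join(finding['techniques'])}]")
```

A process-name allow-list is easy to defeat by copying a payload to chrome.exe, so in production pair it with the image's signer or full path. Backup agents and password managers also read these files legitimately and need their own entries.
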