2285b65cfe2f866eabc86fda6e3969a930d0b5602295f9561fc23aadb09b9c65 | Triage

Sharing

General

Target

fc100c02191195a51664165e64363768_JaffaCakes118
Size

6.6MB
Sample

240420-gje1fsaa93
MD5

fc100c02191195a51664165e64363768
SHA1

b8073b0230b9b6945ad55a69bd286c605b34019c
SHA256

2285b65cfe2f866eabc86fda6e3969a930d0b5602295f9561fc23aadb09b9c65
SHA512

6e796a9a37bb77b71642511bb57f1a52ae9c662964fd2625d03b1c9beff3d05f4456ed7cef951a798fcf0080a8b7d6be4eda413e731b0bbae3701d9d83adfd36
SSDEEP

196608:9fPmCsXDjDyf6L2WliXYrHW1L0qFMdAqbHpp:dPmCEDVL2ciIrHWRZMCqD

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  fc100c02191195a51664165e64363768_JaffaCakes118
- Size
  
  6.6MB
- MD5
  
  fc100c02191195a51664165e64363768
- SHA1
  
  b8073b0230b9b6945ad55a69bd286c605b34019c
- SHA256
  
  2285b65cfe2f866eabc86fda6e3969a930d0b5602295f9561fc23aadb09b9c65
- SHA512
  
  6e796a9a37bb77b71642511bb57f1a52ae9c662964fd2625d03b1c9beff3d05f4456ed7cef951a798fcf0080a8b7d6be4eda413e731b0bbae3701d9d83adfd36
- SSDEEP
  
  196608:9fPmCsXDjDyf6L2WliXYrHW1L0qFMdAqbHpp:dPmCEDVL2ciIrHWRZMCqD
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2