c13f2e45e6ed0eee8e08a7664e8227a8edcce6103f48a0c8523f6539c42adb84 | Triage

Submit
Reports

Overview

overview

7

Static

static

7

02e454d3b9...18.exe

windows7-x64

7

02e454d3b9...18.exe

windows10-2004-x64

7

Sharing

General

Target

02e454d3b9f7082fee853334563a9b57_JaffaCakes118
Size

110KB
Sample

240427-kz3y1afh71
MD5

02e454d3b9f7082fee853334563a9b57
SHA1

176097a865d46ce0b1351e4e57f0fd47e340edc0
SHA256

c13f2e45e6ed0eee8e08a7664e8227a8edcce6103f48a0c8523f6539c42adb84
SHA512

01b6629e42173a698acefc8a84111daaac86bdcc7bf5ef48caf274f07311abe61c3565c225791973fbd4e7449bad1c1224b35b504dc61d0b4be003a09c035150
SSDEEP

1536:GdYBBBMFKj9RWs0MQd4rCC6JGPSjfc9ocZXfuI8Immb8VoQ33/K3WheP+YOWa2as:DBMFKzf84r6J/cWcNWyrYCF3/P+YOE

Score

7^/10

persistence spyware stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

02e454d3b9f7082fee853334563a9b57_JaffaCakes118.exe

Resource

win7-20231129-en

persistence spyware stealer upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

02e454d3b9f7082fee853334563a9b57_JaffaCakes118.exe

Resource

win10v2004-20240419-en

persistence spyware stealer upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  02e454d3b9f7082fee853334563a9b57_JaffaCakes118
- Size
  
  110KB
- MD5
  
  02e454d3b9f7082fee853334563a9b57
- SHA1
  
  176097a865d46ce0b1351e4e57f0fd47e340edc0
- SHA256
  
  c13f2e45e6ed0eee8e08a7664e8227a8edcce6103f48a0c8523f6539c42adb84
- SHA512
  
  01b6629e42173a698acefc8a84111daaac86bdcc7bf5ef48caf274f07311abe61c3565c225791973fbd4e7449bad1c1224b35b504dc61d0b4be003a09c035150
- SSDEEP
  
  1536:GdYBBBMFKj9RWs0MQd4rCC6JGPSjfc9ocZXfuI8Immb8VoQ33/K3WheP+YOWa2as:DBMFKzf84r6J/cWcNWyrYCF3/P+YOE
Score

7^/10

persistence spyware stealer upx
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

persistencespywarestealerupx

behavioral2

persistencespywarestealerupx

© 2018-2024

Terms | Privacy