f9959ff3df780feb93abd6e4edc9fddb0976adf5120dd353455c391583bfd261 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

326eddb926e36a37a1d44adcaea03ac8_JaffaCakes118
Size

65KB
Sample

240511-drz4taac6x
MD5

326eddb926e36a37a1d44adcaea03ac8
SHA1

ecd4197f60a1855faa5bf31711ccc62a8e1a6298
SHA256

f9959ff3df780feb93abd6e4edc9fddb0976adf5120dd353455c391583bfd261
SHA512

326507acd97858addb89901bcf887f1784ad66935a8c581f705d0f4da30cae4f5c79d32f40443c417a91276fb6c9613ec8cc417e006c7f342ce71a0a64aeeb01
SSDEEP

768:FhWXIrwgwZkxI2ABcZfIyLaA3sjNNlkeDs3iiV8konhKbBS4HU1MGyQydCf02GZN:vWXL5OtYnkeDnkoUS+1GSYonyN9WWHH+

Score

10^/10

evasion persistence spyware stealer

Malware Config

Targets

- Target
  
  PIC0502502016-JPEG.com
- Size
  
  164KB
- MD5
  
  59ba34ea33c58125c0526bb2632ac424
- SHA1
  
  7e95f34f12771125764b21675f614cb9cc770d13
- SHA256
  
  952bf30d5b8964b441f3c70a3f41f8db5569c8285baa07d903bac94d580eae7e
- SHA512
  
  724a2282adccc42a029d7e97167273815904a95484a0d62e19a1041c606dcce094dfee5f77dcb034b1c1334d3297a9fc725a3d363365c512764083541269bf83
- SSDEEP
  
  3072:4vf0KfRASu/rLef4BO8a6Or8gmb57Bv/dXS0/j:4tfSSua4BO3608nb57Bv/lSyj
Score

10^/10

evasion persistence spyware stealer
- Modifies security service
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencespywarestealer

behavioral2