General

  • Target

    5c595e6e7a518e6e59781233b9f0a0fa_JaffaCakes118

  • Size

    6.0MB

  • Sample

    240520-a8rxzscc3t

  • MD5

    5c595e6e7a518e6e59781233b9f0a0fa

  • SHA1

    58f9482895a688ae3acff3e6f1f72351025dbafb

  • SHA256

    63a12d00df51a39449cdd29f34ca128bad0d39852783b8ad1fbcfad23f74325d

  • SHA512

    a17e18528d9083366c3b87e9b5fca2021d05fa1afad9a01859f5af325d5040ecebbf65cd8a1751153dbf8e90682addb789ebb9832c287c6db94a4513e623786d

  • SSDEEP

    98304:Rj0roU/xc9qrYL0hQgQAAQQxDZU62y7MsUwzEIdbGMlUq72fCsVoDxXioQ6Q3P:Rj0roU/O9kC0CGDYUxIdp72fQX8

Targets

    • Target

      5c595e6e7a518e6e59781233b9f0a0fa_JaffaCakes118

    • Size

      6.0MB

    • MD5

      5c595e6e7a518e6e59781233b9f0a0fa

    • SHA1

      58f9482895a688ae3acff3e6f1f72351025dbafb

    • SHA256

      63a12d00df51a39449cdd29f34ca128bad0d39852783b8ad1fbcfad23f74325d

    • SHA512

      a17e18528d9083366c3b87e9b5fca2021d05fa1afad9a01859f5af325d5040ecebbf65cd8a1751153dbf8e90682addb789ebb9832c287c6db94a4513e623786d

    • SSDEEP

      98304:Rj0roU/xc9qrYL0hQgQAAQQxDZU62y7MsUwzEIdbGMlUq72fCsVoDxXioQ6Q3P:Rj0roU/O9kC0CGDYUxIdp72fQX8

    • Blocklisted process makes network request

    • Creates new service(s)

    • Drops file in Drivers directory

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive user information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      data1748814.rtf

    • Size

      838KB

    • MD5

      c7f5c3a2511cb98c24d3dd96692dd9d1

    • SHA1

      230e58a20d409c0625533a29cf3256e9b342d239

    • SHA256

      6f7bd92726a05557f40bcc6fe2d1cedd37f1fb0d484739d369ed787003d845b8

    • SHA512

      564f7493606f05bddcf5c5945a008fa950113cb9926acae16545d085e3232c4a87b77f55485f8e70cc6e57112881f4fd6ac491df8cf96bc483b0cdfbd73f35d0

    • SSDEEP

      24576:2fVMB4bd69Xzl3U1zwNivZ1lqy4njfyzEFuLtI8:2tMB4bd6ZzeGiRqy8fyFBI8

    Score: 1/10

    • Target

      data2607577.xls

    • Size

      713KB

    • MD5

      be42586f6fad2dea13f45fbc2606b352

    • SHA1

      bdb6180240438a7c1d062806b6f8ce8ceb2b1993

    • SHA256

      bf7dd08b8f3f5efda5eb2a6a2cb3d8b772fc1f715f61bc5b0bb226f1bece496b

    • SHA512

      5c6d5301771bcc52b5c99da8346306a42a4bcc131b0aff21182c1cfe9f1ee4bf523b2a5a2cc5d37c0b97dac778a6623faff26677d50091fa4ec34415a2140fae

    • SSDEEP

      12288:/zxV2HMvz3v0Rb0jhOUvrw5TM7ZqZ6c1qkUK2707k8a3++AT3WBAMPnSGPyKnr:V9rUbT/NM7ZqZ61kd4ggSTG6ySGPXr

    Score: 1/10

    • Target

      data865134.pdf

    • Size

      862KB

    • MD5

      22fbdce77340edf24453d6475fd84b03

    • SHA1

      de388b0c488dd93ba8c86c2a1582c31785d3a520

    • SHA256

      64d9892f28fd14324dcd747cfd31e6c18378ef8ad2b4ca9f10939281a1804670

    • SHA512

      816a0860b023bae19e666158cf329baece08fd6281bf0a471956e209f83efc8b555fd177f1b9bbcb20fae76ba69ba585d227b0ec034fd5e36036d3e26a0f2e62

    • SSDEEP

      12288:mHj0+gzj6poMLVqElT4czMOFQ+B9Qdcu7myfJV5B0NMMbEl07bxhs4PFHhp:46j47/zMevyftuiem0Hg4dL

    Score: 1/10
