Overview

overview

10

Static

static

10

63aa17ae4f...18.exe

windows7-x64

10

63aa17ae4f...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    134s
  • max time network
    103s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-05-2024 14:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    63aa17ae4f307834a491fe583dd40ad2_JaffaCakes118.exe

  • Size

    377KB

  • MD5

    63aa17ae4f307834a491fe583dd40ad2

  • SHA1

    a491ecee060976a3f92d1f78c01eae395458f8e7

  • SHA256

    54a665f2962307c1cdb9f865b60da2d5d5940654c7824818c1c6e76168a6cc9b

  • SHA512

    d451c2ea0382641e6b554105df5ac2f6866f017ef0097ddffa2e95787cb199bb0f69aeaa892e99acaf3fdb2b7177c65d27b25d38a7d29c292d799b0fa93f8e59

  • SSDEEP

    3072:hO7HQolIrINJ8QV6Zx8oIRHkgIOus0yLhRUu8CntXN7FJL2ziDmybJF:hO7PvDVgxxINhIOuqLxr2ziSQ

Score
10/10
growtopiastealer

Malware Config

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.gmail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Maolenerkki2

Signatures

  • Growtopia

    Growtopa is an opensource modular stealer written in C#.

    stealergrowtopia
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\63aa17ae4f307834a491fe583dd40ad2_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\63aa17ae4f307834a491fe583dd40ad2_JaffaCakes118.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2208-0-0x0000000074E2E000-0x0000000074E2F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2208-1-0x0000000000800000-0x0000000000864000-memory.dmp

    Filesize

    400KB

    Download

  • memory/2208-2-0x0000000074E20000-0x00000000755D0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2208-4-0x0000000074E20000-0x00000000755D0000-memory.dmp

    Filesize

    7.7MB

    Download