General

  • Target

    6a0b7d61d26b7d35d7dd073ff7c6b39f_JaffaCakes118

  • Size

    12.2MB

  • Sample

    240523-hal8vagd9t

  • MD5

    6a0b7d61d26b7d35d7dd073ff7c6b39f

  • SHA1

    6d662f848047236a71d06e036bd29cceba4c456d

  • SHA256

    a4a5d72aa2ec436ab2f2783d5fde68a0bd4f62f614a4521062a97b8bf4d67bae

  • SHA512

    616dba068db408f752ff666a16fdd79228e631113e8b68da94d72ae6af3e75efd10d39a8153e185b12998dde8ee77625317b7692440ffef4fd6e680e62589ecb

  • SSDEEP

    196608:5KDB+N3oP1HqwmJ8EHlfTCW6EW4simvlGAD7etbYPvbJQlH0CtWeZ8C4+HhNsouR:UZP1KwCteW6EW3imt1ekJQlUcBxu
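
Before reproducing anything from this report, confirm that the file in hand is the same object the sandbox analysed. The following is an added example (not part of the report or of the sandbox's tooling): it computes the four cryptographic digests listed above in a single pass over the file and reports which ones disagree with the published values. The SSDEEP value is not checked because the Python standard library has no fuzzy-hash implementation; the expected strings are the ones printed in the General section.

```python
import hashlib
import sys

# Digest values copied from the report above for this sample.
REPORTED = {
    "md5": "6a0b7d61d26b7d35d7dd073ff7c6b39f",
    "sha1": "6d662f848047236a71d06e036bd29cceba4c456d",
    "sha256": "a4a5d72aa2ec436ab2f2783d5fde68a0bd4f62f614a4521062a97b8bf4d67bae",
    "sha512": (
        "616dba068db408f752ff666a16fdd79228e631113e8b68da94d72ae6af3e75ef"
        "d10d39a8153e185b12998dde8ee77625317b7692440ffef4fd6e680e62589ecb"
    ),
}
ALGORITHMS = tuple(REPORTED)


def compute_hashes(chunks):
    """Feed an iterable of byte chunks into all four digests in one pass.

    Returns {algorithm: lowercase hex digest}.  Reading once and hashing
    four times avoids re-reading a multi-megabyte sample per algorithm.
    """
    digests = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in chunks:
        for digest in digests.values():
            digest.update(chunk)
    return {name: digest.hexdigest() for name, digest in digests.items()}


def file_chunks(path, size=1 << 20):
    """Yield a file in 1 MiB pieces so large samples never sit fully in memory."""
    with open(path, "rb") as handle:
        while True:
            chunk = handle.read(size)
            if not chunk:
                return
            yield chunk


def verify(actual, expected):
    """Return the names of the algorithms whose digests differ.

    Comparison is case-insensitive because reports and tools disagree on
    hex casing.  An empty list means every expected digest matched.
    """
    return [
        name
        for name, value in expected.items()
        if actual.get(name, "").lower() != value.lower()
    ]


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-sample>
    computed = compute_hashes(file_chunks(sys.argv[1]))
    mismatches = verify(computed, REPORTED)
    for name in ALGORITHMS:
        status = "MISMATCH" if name in mismatches else "ok"
        print(f"{name:7} {computed[name]}  {status}")
    sys.exit(1 if mismatches else 0)
```

A non-zero exit status means at least one digest differs, so the script can gate an automated detonation pipeline rather than relying on an analyst eyeballing 128 hex characters.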

Malware Config

Targets

    • Target

      6a0b7d61d26b7d35d7dd073ff7c6b39f_JaffaCakes118

    • Sets service image path in registry

      Writes the ImagePath value of a service key under HKLM\SYSTEM\CurrentControlSet\Services, which determines the binary the Service Control Manager launches when the service starts.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser profile data, which can include saved credentials and session cookies.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger information class stops the thread from delivering debug events to an attached debugger, a common anti-analysis technique.
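
The two registry behaviours above (service image path written, autostart entry created) are the ones that map to T1547.001 and T1112 in the matrix that follows. As an added example (not part of the report or of the sandbox's detection logic), the following rules run over constructed Sysmon Event ID 13-style registry write records and flag those two behaviours. The event records, process names and paths are invented to exercise the rules; the trusted-directory list and the rule-to-technique mapping are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Constructed registry-write events (Sysmon Event ID 13 shape: writer PID,
# writer image, target key/value, written data).  None of these come from
# the report; they exist only to exercise the rules below.
SAMPLE_EVENTS = [
    {"pid": 4120, "image": r"C:\Users\Public\svchost32.exe",
     "target": r"HKLM\System\CurrentControlSet\Services\UpdSvc\ImagePath",
     "details": r'"C:\Users\Public\svchost32.exe" -svc'},
    {"pid": 4120, "image": r"C:\Users\Public\svchost32.exe",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "details": r"C:\Users\Public\svchost32.exe"},
    {"pid": 812, "image": r"C:\Windows\System32\services.exe",
     "target": r"HKLM\System\CurrentControlSet\Services\Spooler\ImagePath",
     "details": r"C:\Windows\System32\spoolsv.exe"},
    {"pid": 2204, "image": r"C:\Windows\explorer.exe",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "details": "DWORD (0x00000001)"},
]

# Assumed allow-list: service binaries normally live here.  Anything else
# written into an ImagePath value is worth a look.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files")

RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
SERVICE_IMAGEPATH_RE = re.compile(
    r"\\System\\CurrentControlSet\\Services\\[^\\]+\\ImagePath$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    technique: str   # ATT&CK ID used for this rule (mapping assumed here)
    pid: int
    target: str
    reason: str


def image_from_details(details):
    """Extract the executable path from an ImagePath/Run value, dropping arguments."""
    text = details.strip()
    if text.startswith('"'):
        return text[1:].split('"', 1)[0]
    return text.split(" ", 1)[0]


def in_trusted_dir(path):
    return path.lower().startswith(TRUSTED_DIRS)


def scan(events):
    """Apply both rules to every event and return the suspicious ones."""
    findings = []
    for ev in events:
        target, details = ev["target"], ev["details"]
        if RUN_KEY_RE.search(target):
            # Any new autostart entry is reported: the Run key is a persistence
            # location regardless of which binary it points at.
            findings.append(Finding("T1547.001", ev["pid"], target,
                                    f"autostart entry -> {image_from_details(details)}"))
        elif SERVICE_IMAGEPATH_RE.search(target):
            binary = image_from_details(details)
            writer_is_scm = ev["image"].lower().endswith("\\services.exe")
            # Legitimate service (re)configuration is done by the SCM and points
            # at a system directory; report everything that breaks either rule.
            if not in_trusted_dir(binary) or not writer_is_scm:
                findings.append(Finding("T1112", ev["pid"], target,
                                        f"service ImagePath -> {binary} written by {ev['image']}"))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(f"[{finding.technique}] pid={finding.pid} {finding.target}: {finding.reason}")
```

The spooler event is deliberately present as a benign control: a system-directory binary written by services.exe produces no finding, while the same key written by an unsigned-looking binary from a user-writable directory does. Correlating the two findings on PID 4120 is what turns two medium-confidence rule hits into one persistence chain.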

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • Boot or Logon Autostart Execution (T1547): 1
  • Registry Run Keys / Startup Folder (T1547.001): 1

Privilege Escalation

  • Boot or Logon Autostart Execution (T1547): 1
  • Registry Run Keys / Startup Folder (T1547.001): 1

Defense Evasion

  • Modify Registry (T1112): 1

Credential Access

  • Unsecured Credentials (T1552): 1
  • Credentials In Files (T1552.001): 1

Discovery

  • Query Registry (T1012): 1

Collection

  • Data from Local System (T1005): 1

Command and Control

  • Web Service (T1102): 1

Tasks