608593fcf6d4c4388f0b8dd2e6e127b101823b688301b1fbdaf49b8c0f9b4ec0 | Triage

Sharing

General

Target

047a9bf43f7fa71e84e8cf42e32fa62a_JaffaCakes118
Size

194KB
Sample

240620-krzavashlk
MD5

047a9bf43f7fa71e84e8cf42e32fa62a
SHA1

b7839b2fa7190d129a741b12bfcb8ee37fec8626
SHA256

608593fcf6d4c4388f0b8dd2e6e127b101823b688301b1fbdaf49b8c0f9b4ec0
SHA512

83db3717907252b69f69e3bed19daa462e5a30484a7b8d9ba7acdcc372da1724de520a112c71176276360a7ab3a332e670d0f680214f93cfda7927c98d3d1234
SSDEEP

6144:zVpLfZcN/uOzP2N/L7RI++KOw9puou2DY:xOz2P0KxDDY

Score

8^/10

evasion persistence privilege_escalation spyware stealer

Malware Config

Targets

- Target
  
  047a9bf43f7fa71e84e8cf42e32fa62a_JaffaCakes118
- Size
  
  194KB
- MD5
  
  047a9bf43f7fa71e84e8cf42e32fa62a
- SHA1
  
  b7839b2fa7190d129a741b12bfcb8ee37fec8626
- SHA256
  
  608593fcf6d4c4388f0b8dd2e6e127b101823b688301b1fbdaf49b8c0f9b4ec0
- SHA512
  
  83db3717907252b69f69e3bed19daa462e5a30484a7b8d9ba7acdcc372da1724de520a112c71176276360a7ab3a332e670d0f680214f93cfda7927c98d3d1234
- SSDEEP
  
  6144:zVpLfZcN/uOzP2N/L7RI++KOw9puou2DY:xOz2P0KxDDY
Score

8^/10

evasion persistence privilege_escalation spyware stealer
- Modifies Windows Firewall
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Unsecured Credentials

Credentials in Registry

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceprivilege_escalationspywarestealer

behavioral2