Extracted

• • Target

    08bb851f7e8a917bc82a3974e0bb9b7f_JaffaCakes118

  • Size

    110KB

  • MD5

    08bb851f7e8a917bc82a3974e0bb9b7f

  • SHA1

    a1ad58c0d4d3e744b1350db272c52c078ce05342

  • SHA256

    92b82f42519f7a8e9ae5108faa71b30a34ad5d9a35a235a2e28b1e112db5c06e

  • SHA512

    1d24e3d0d26bc7d56ab5369b86acb66936fa3c65dcde2ca16422ff07f459f59bee10d51e386219f661773e3d789434ad340d865298b2d97c57b8b8f82461d54f

  • SSDEEP

    3072:H/RRvrHl657BKDaIowRux0y9wGCa6+rDQA:frsXZIowRudelz

  Score

  10^/10

  persistencespywarestealer

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence
  behavioral1behavioral2