2fc56fb072f48559d7fdce59399d768d8f9d9d809a10a96c6f0d1e38a12b7d3d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0b2fa0c54bc74f16c53e0b5b800681bd_JaffaCakes118
Size

1.0MB
Sample

240624-27k7lazhnp
MD5

0b2fa0c54bc74f16c53e0b5b800681bd
SHA1

b87b0f7c93a10be6bc1dc137b738d8e14420d7eb
SHA256

2fc56fb072f48559d7fdce59399d768d8f9d9d809a10a96c6f0d1e38a12b7d3d
SHA512

e182b6f6022dc8e2fc4d5343a429062b40a01355af63638e1292cd14fd00767bde00a5fb1d11c83829855149c3ecc49f6515164ef7a581ab3f383753ac57eb9b
SSDEEP

24576:KSplAw0ZLNmT3JHUuM7tcadkztB4al1/7WtRNvtGg2zk1+RirtUES9pDELx7:KSUFLNoFM7tBWVlJ7WNt67YUt1+

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  Warrior's Skill Mixed By Deeyoung/Bot Wariors Cracker.exe
- Size
  
  18KB
- MD5
  
  69284fcf3f28373188142e75a670cbef
- SHA1
  
  a4828ff8a9ce2b2b1a2875c54cacd05a80da6c11
- SHA256
  
  37c1f7dbb94b08110c3919be504570edc678121f14f5b24b917d6881214fc151
- SHA512
  
  62639f71999632ff8449206e1410a204751cc46c84fb4dfa8919b8d8ea43a0d34fe60ac11b0834287697168b51de70b8fe02197cfb648e00ff80e5916e96ea85
- SSDEEP
  
  384:jDcEz386Mxx1EYJKW9eupHCyTuyltk+4XXI+yWOD5B119izMeNFOJp:HcEj862pdUupHCquylm7XI8Q
Score

7^/10

spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
behavioral1 behavioral2
- Target
  
  Warrior's Skill Mixed By Deeyoung/DevComponents.DotNetBar1.dll
- Size
  
  501KB
- MD5
  
  ab46c081fc8f250fad5553543d3ceefd
- SHA1
  
  cfb7ced1a050f778fc922cf660ab9e7a5c15c9de
- SHA256
  
  3f34a35387ade40429b80539a762fba5363e04c4e3a0b4c56eff22ddc5cf283c
- SHA512
  
  e7014f5d12b9cd7a5b6757328489a4022e527c3d5d4ec3619879034bf890464c8cab1f9b55729e72ac84547c3fe7ca124c083d9ae6a7b5925377f5652c71c1f7
- SSDEEP
  
  12288:mVTHcCDSEdqBVD24s1mHQPjS5qzA8La4:mVDnSEQqm59
Score

3^/10
behavioral3 behavioral4
- Target
  
  Warrior's Skill Mixed By Deeyoung/DevComponents.DotNetBar2.dll
- Size
  
  3.0MB
- MD5
  
  17c3a65ed1fa763a12ad981840cfb592
- SHA1
  
  49db64d03c7f76b1b00a236429bee0e9b2c85480
- SHA256
  
  4f37a963d3b4b49f69e0037fb88cb28f467c34f189883818e824557a662cd89e
- SHA512
  
  f25db1bfcfce6ad906a1262542a53b56358849b65654dbfa7c8736411ab256278bb0347553e9ed95f3deeb56fd584e7b2486c7ff0e145554dddb84436e95b081
- SSDEEP
  
  24576:3In6CKCum36/FjgOD8Asg8BugwuaG84R+aFodtDuNV1RTkGT6GM/T5MeX4VxfXwa:U69Dt8fFx4lVMeX4VxfAVTa+dxyV
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6