5bcea8f08114231c80ec819f6462d58235f7ba55f1ce1a867cbea8d2b4ca64d2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

082c7770088cdb9af1a4f53fcf169990_JaffaCakes118
Size

78KB
Sample

240624-nbjr1aygld
MD5

082c7770088cdb9af1a4f53fcf169990
SHA1

2b47306eff0f3b16bf96f53f091c6fc68e17f17f
SHA256

5bcea8f08114231c80ec819f6462d58235f7ba55f1ce1a867cbea8d2b4ca64d2
SHA512

7e707b140f54c9f2c2a8a92115dd74f625a6e1bb63b17174c741a847a045fcc34179cbbea70a1e9349679e57afc406197207dab7dbb20c8604497d8a5e40dd7c
SSDEEP

1536:oXVCY5t4S0YdekMdUaVM2vf0ie0wYOROb+wPE0nE+NKN/6oVHdya1Q:oFPGS0YskMdUaWofhe5wP5ECKNCobQ

Score

8^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  bs.exe
- Size
  
  138KB
- MD5
  
  443dbea020f17496380f2c5fe1bd4d3f
- SHA1
  
  662aaa313f0bbfafe89f6947a85d1f1386414444
- SHA256
  
  864dc849e82d4f8f5be9502281e5de9ea3c8aae1557e049876585f485d3ebe67
- SHA512
  
  fab521758e5dffb4c7d912aa67b1d0c29e24cad2411d7fa3779faef67a119e6691fb6f95181290cc493d17f610838e0ae9d874af83dbd73e6edc77743abf8dea
- SSDEEP
  
  3072:7G4ARHortwIxu7lwXMxtbTXTCHBAjcfxVrv4Z0UFRBSG7QLk:NARIrCIxu7lwa1T/kxp4ZLQA
Score

8^/10

persistence spyware stealer
- Blocklisted process makes network request
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials in Registry

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2