Analysis
max time kernel: 149s
max time network: 149s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 25-06-2024 22:41
Behavioral task: behavioral1
Sample: 0fcb3880aaa362e3a8f992ac98f34bb5_JaffaCakes118.exe
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: 0fcb3880aaa362e3a8f992ac98f34bb5_JaffaCakes118.exe
Resource: win10v2004-20240508-en
General
Target: 0fcb3880aaa362e3a8f992ac98f34bb5_JaffaCakes118.exe
Size: 5.6MB
MD5: 0fcb3880aaa362e3a8f992ac98f34bb5
SHA1: 7bb5f5bbe77bc1bcbd17fb3018a4b4e39d398e77
SHA256: 9ff4afa750a73c28a844a61bcfde2b97e3b17b0ab6071c3a3fc53e6c518c4392
SHA512: f5c37c8b11e45901c545bba4207234edb180ed456e71d8f21e87a64a25da1129281cd958dcefedba906df38109b0b50ec01e8b2f8abbbe7025912c60936a2100
SSDEEP: 98304:HSzKQ+nN5UoeLmfW7N33r1U7QUqaUZmOjYMgIb39ifqSdQEMdAyV8y3i:HJvnwozuN33y7HrOIIpifVdQEMKyV
Malware Config

Signatures

Panda Stealer payload (4 IoCs)
resource                                                                    yara_rule
behavioral1/memory/1364-5-0x0000000000E10000-0x0000000001756000-memory.dmp   family_pandastealer
behavioral1/memory/1364-9-0x0000000000E10000-0x0000000001756000-memory.dmp   family_pandastealer
behavioral1/memory/1364-10-0x0000000000E10000-0x0000000001756000-memory.dmp  family_pandastealer
behavioral1/memory/1364-28-0x0000000000E10000-0x0000000001756000-memory.dmp  family_pandastealer
PandaStealer
Panda Stealer is a fork of CollectorProject Stealer written in C++.

Shurk
Shurk is an infostealer, written in C++, which appeared in 2021.

Shurk Stealer payload (4 IoCs)
resource                                                                    yara_rule
behavioral1/memory/1364-5-0x0000000000E10000-0x0000000001756000-memory.dmp   shurk_stealer
behavioral1/memory/1364-9-0x0000000000E10000-0x0000000001756000-memory.dmp   shurk_stealer
behavioral1/memory/1364-10-0x0000000000E10000-0x0000000001756000-memory.dmp  shurk_stealer
behavioral1/memory/1364-28-0x0000000000E10000-0x0000000001756000-memory.dmp  shurk_stealer
Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.

resource                                                                    yara_rule
behavioral1/memory/1364-5-0x0000000000E10000-0x0000000001756000-memory.dmp   vmprotect
behavioral1/memory/1364-9-0x0000000000E10000-0x0000000001756000-memory.dmp   vmprotect
behavioral1/memory/1364-10-0x0000000000E10000-0x0000000001756000-memory.dmp  vmprotect
behavioral1/memory/1364-28-0x0000000000E10000-0x0000000001756000-memory.dmp  vmprotect

Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid   Process
1364  0fcb3880aaa362e3a8f992ac98f34bb5_JaffaCakes118.exe
1364  0fcb3880aaa362e3a8f992ac98f34bb5_JaffaCakes118.exe