2f506005bc6540603a4dd39fc9bf922e7ca2700f8e21a8beaf60181da56134de | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0dd8b81498d96d1294540376a9065261_JaffaCakes118
Size

340KB
Sample

240625-m96trawdpd
MD5

0dd8b81498d96d1294540376a9065261
SHA1

12a74935bf6a284648652a6b7a786a4bcc1eee2b
SHA256

2f506005bc6540603a4dd39fc9bf922e7ca2700f8e21a8beaf60181da56134de
SHA512

6b643c05388a2ab6acbe5eb4ea7313833a810af7806fb0b60bfdf1dad3fd26af35f6d46a14b8c02fa3e08bb94a969bd7a8cce834b3d36c749088c6732c1a6909
SSDEEP

6144:ghLhwHt60v8J6FgZJ+Klp6rMi3Hv4FRrT0DhdQU9oO2vA7l76s4HjLDp:gyUuKlpluwRX6hdFoO2vA7l76s4D

Score

8^/10

evasion persistence spyware stealer

Malware Config

Targets

- Target
  
  0dd8b81498d96d1294540376a9065261_JaffaCakes118
- Size
  
  340KB
- MD5
  
  0dd8b81498d96d1294540376a9065261
- SHA1
  
  12a74935bf6a284648652a6b7a786a4bcc1eee2b
- SHA256
  
  2f506005bc6540603a4dd39fc9bf922e7ca2700f8e21a8beaf60181da56134de
- SHA512
  
  6b643c05388a2ab6acbe5eb4ea7313833a810af7806fb0b60bfdf1dad3fd26af35f6d46a14b8c02fa3e08bb94a969bd7a8cce834b3d36c749088c6732c1a6909
- SSDEEP
  
  6144:ghLhwHt60v8J6FgZJ+Klp6rMi3Hv4FRrT0DhdQU9oO2vA7l76s4HjLDp:gyUuKlpluwRX6hdFoO2vA7l76s4D
Score

8^/10

evasion persistence spyware stealer
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencespywarestealer

behavioral2