3127ee1688471ea127309ada230fb2e7d602ce539103f700e8964e29ec63222c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0f0abd547d5ac8124bc0bdf58065d853_JaffaCakes118
Size

356KB
Sample

240625-wsgyqsvcpg
MD5

0f0abd547d5ac8124bc0bdf58065d853
SHA1

6c0fb3973741d10862f0ce5a26f401aa706f6a3b
SHA256

3127ee1688471ea127309ada230fb2e7d602ce539103f700e8964e29ec63222c
SHA512

bc676bdea24dab00aeb48b8ff04814393b950dd8e6eb3f03942ae6b4a687625e36e3916bc69676a1d79c8999c0d03d2c809319d91f0411d42143336f6b759298
SSDEEP

6144:dKrxiyLvmWVXGleQv39p2pTA4g5rdepaZ66vDQM0h5viN3VYgX:stLXh76CTAkagYDQMU5o7

Score

10^/10

evasion execution spyware stealer

Malware Config

Targets

- Target
  
  0f0abd547d5ac8124bc0bdf58065d853_JaffaCakes118
- Size
  
  356KB
- MD5
  
  0f0abd547d5ac8124bc0bdf58065d853
- SHA1
  
  6c0fb3973741d10862f0ce5a26f401aa706f6a3b
- SHA256
  
  3127ee1688471ea127309ada230fb2e7d602ce539103f700e8964e29ec63222c
- SHA512
  
  bc676bdea24dab00aeb48b8ff04814393b950dd8e6eb3f03942ae6b4a687625e36e3916bc69676a1d79c8999c0d03d2c809319d91f0411d42143336f6b759298
- SSDEEP
  
  6144:dKrxiyLvmWVXGleQv39p2pTA4g5rdepaZ66vDQM0h5viN3VYgX:stLXh76CTAkagYDQMU5o7
Score

10^/10

evasion execution spyware stealer
- Modifies firewall policy service
  evasion
- Stops running service(s)
  evasion execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

evasionexecutionspywarestealer

behavioral2

evasionexecutionspywarestealer