c8e26282d16d383a962f67616a11a1338377b4f1668c57e2e652b447916ab66b | Triage

Sharing

General

Target

18098637720bdce77eeb119276a3049d_JaffaCakes118
Size

114KB
Sample

240627-31zbbazcmd
MD5

18098637720bdce77eeb119276a3049d
SHA1

e67d9d54fdd8e08b5b252f76d3c9d012a12cba5a
SHA256

c8e26282d16d383a962f67616a11a1338377b4f1668c57e2e652b447916ab66b
SHA512

0e3a0cad5989d4a57d7c18dfe87fb98ef1e41bc70126eb180bedd7baecc4ff73136ced754ec4cf9d5a59cd07bb0f8cdf44a833afbb60be561f57e1d7dd35caba
SSDEEP

3072:WNyah0mJ8NAPp/hag8c5WDElgsHBiod+ddczWRxY:WwPsppaghX6sHb8uqRxY

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  18098637720bdce77eeb119276a3049d_JaffaCakes118
- Size
  
  114KB
- MD5
  
  18098637720bdce77eeb119276a3049d
- SHA1
  
  e67d9d54fdd8e08b5b252f76d3c9d012a12cba5a
- SHA256
  
  c8e26282d16d383a962f67616a11a1338377b4f1668c57e2e652b447916ab66b
- SHA512
  
  0e3a0cad5989d4a57d7c18dfe87fb98ef1e41bc70126eb180bedd7baecc4ff73136ced754ec4cf9d5a59cd07bb0f8cdf44a833afbb60be561f57e1d7dd35caba
- SSDEEP
  
  3072:WNyah0mJ8NAPp/hag8c5WDElgsHBiod+ddczWRxY:WwPsppaghX6sHb8uqRxY
Score

7^/10

spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  7KB
- MD5
  
  728d03c6922988977693be59715fd52e
- SHA1
  
  5f06287f574682a844722bcded04d335fb1b9a42
- SHA256
  
  3c28c4e66a5f16e7ae2c57ca9b0c2887730d82472ac1786b641bd7744931f73b
- SHA512
  
  ebad773bb271a7648d011c8d32eea35dbc8a9f1c7c0ecca440e62fd7fb0e24fc2403b548e32f7a92bb1577abb1f25ad0d353a019f253251a56a535264797f119
- SSDEEP
  
  96:Z+PBC0x22epxPEvC4FkWE+in1/FMvsCGRfRFqCB5tzGhEl5VN:Z+pepxPE1r8/FtmCDtag5v
Score

3^/10
behavioral3 behavioral4
- Target
  
  $TEMP/matrix33680.exe
- Size
  
  64KB
- MD5
  
  677dd6a715290bfa453cda92e6e00da4
- SHA1
  
  540f607d63f8715feaf53bca2ae96f727a9b7299
- SHA256
  
  81f17cc0d8b8c45468d024fcadca3242b1844989086103e7b5800c7a49861f63
- SHA512
  
  89839fc24b284ebfb4b840d6516c924726f586ac20314e9a8a0d1bffe66a61afdb41afba2a6baaffd27251c94f7facb817bf9a972c43517d0192a1685db6b094
- SSDEEP
  
  1536:aK35SBKH0CsPowaIHtrnCAMVN+8ve3tiJyK7A/i:aK3M8HwtjfMeIJyqA/
Score

7^/10

spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral5 behavioral6
- Target
  
  Uninstall.exe
- Size
  
  52KB
- MD5
  
  fba2c31e49d2614b02e2155b404deb0f
- SHA1
  
  370a228e9fd25b096cb6e9e3f052363d543d2d2d
- SHA256
  
  6efba3a89f14a67de966f381626a21d92915706427aea6b35c29b30d3bf5de8b
- SHA512
  
  c916258a5157fd8ae4c104149bd62a83a0055a61e5fbd8bacaf116a6e30e2ea19589725612a951f22b4079d5349b4ba7dbaa4797e9e7043e97c18cd0d323536b
- SSDEEP
  
  768:7Sup23EQCjlQRB8/ewZ1iU6nyYFxbssT/F/O71mJ52qjWb1JW492XF7gJ1BV:Wu4EQalMK/ewGnh0mJ8BJWBXF7+V
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8