f3db0be58f4f19c5a671c33dd8e198d0d5dc01ed28db7b32bfba3391234b42c9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

16c3dd5373d6abb723ec485641c00770_JaffaCakes118
Size

336KB
Sample

240627-ve1cgssgrn
MD5

16c3dd5373d6abb723ec485641c00770
SHA1

9831388128345f0b39cafc44ff7be90a7be7700d
SHA256

f3db0be58f4f19c5a671c33dd8e198d0d5dc01ed28db7b32bfba3391234b42c9
SHA512

a861d93f53648a9f4a52c0638ade6deda141974e527573ebfd3347871d5344384e4aedfb5c6cfe1f368960f20b6b18cdcd66f03235ee2f1dc330d51d6bd42b19
SSDEEP

6144:8Ms7wN5dKohKNPMcql2yS1a7cd5sTvrvgFLyo+igZT:a7wNmGKNzqYyPgd5er

Score

8^/10

evasion persistence spyware stealer

Malware Config

Targets

- Target
  
  16c3dd5373d6abb723ec485641c00770_JaffaCakes118
- Size
  
  336KB
- MD5
  
  16c3dd5373d6abb723ec485641c00770
- SHA1
  
  9831388128345f0b39cafc44ff7be90a7be7700d
- SHA256
  
  f3db0be58f4f19c5a671c33dd8e198d0d5dc01ed28db7b32bfba3391234b42c9
- SHA512
  
  a861d93f53648a9f4a52c0638ade6deda141974e527573ebfd3347871d5344384e4aedfb5c6cfe1f368960f20b6b18cdcd66f03235ee2f1dc330d51d6bd42b19
- SSDEEP
  
  6144:8Ms7wN5dKohKNPMcql2yS1a7cd5sTvrvgFLyo+igZT:a7wNmGKNzqYyPgd5er
Score

8^/10

evasion persistence spyware stealer
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencespywarestealer

behavioral2