045eadd4373b86d8dfb47845c6d852ea3c5c917bf4ac6f35a02e9d409edd1815 | Triage

Sharing

General

Target

18be026b300edca3362e4829381a67bf_JaffaCakes118
Size

216KB
Sample

240628-evlahatbrr
MD5

18be026b300edca3362e4829381a67bf
SHA1

f11c4db2595112e914df003c9731c76a538b91e3
SHA256

045eadd4373b86d8dfb47845c6d852ea3c5c917bf4ac6f35a02e9d409edd1815
SHA512

94cb580e56376cc4ec7662b974ad5b522641da1eb1ccba0d5d338f8dc4892b0336bacdb9222d67d8ade68055ba109ac3f5ceef845c16ecea0256779f63bf2424
SSDEEP

6144:J+fLoJThyk047RTtfMfnz9NOIngb/y27G:Woh7Tmvrnx

Score

10^/10

spyware stealer

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
anonovo.freehostia.com
Port:
21
Username:
ananov
Password:
24233854

Targets

- Target
  
  18be026b300edca3362e4829381a67bf_JaffaCakes118
- Size
  
  216KB
- MD5
  
  18be026b300edca3362e4829381a67bf
- SHA1
  
  f11c4db2595112e914df003c9731c76a538b91e3
- SHA256
  
  045eadd4373b86d8dfb47845c6d852ea3c5c917bf4ac6f35a02e9d409edd1815
- SHA512
  
  94cb580e56376cc4ec7662b974ad5b522641da1eb1ccba0d5d338f8dc4892b0336bacdb9222d67d8ade68055ba109ac3f5ceef845c16ecea0256779f63bf2424
- SSDEEP
  
  6144:J+fLoJThyk047RTtfMfnz9NOIngb/y27G:Woh7Tmvrnx
Score

10^/10

spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2