General

  • Target

    287d06e34046b69e2c1bf1b56b8ccf17_JaffaCakes118

  • Size

    490KB

  • Sample

    240706-rtsz6s1apl

  • MD5

    287d06e34046b69e2c1bf1b56b8ccf17

  • SHA1

    e7ae10b71839e364c2907ea77b83aa05e8406795

  • SHA256

    c3cd3618addd9e7b5defadae7e2515669c94766273f691ec6e15f18105f34384

  • SHA512

    1157ca6e667eb05f8367c226ea980a28650d3341bc3985e338afa0b57f0e0ffb178b30c4439c1b9a69e9b88cbecb258b4a5e75a792be08386cb033498e569d00

  • SSDEEP

    12288:27rEYco+gunfCEAWPewQJiRqnO0LCj+nW0R:SrZun6FMuW0R

Malware Config

Targets

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • Nirsoft

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Accesses Microsoft Outlook accounts

    • Adds Run key to start application

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

MITRE ATT&CK Enterprise v15

Tasks