62e4bcbfae9ac111acaed4cbacca0080a62bd1d0efa9aa26343105c537fbcb0d | Triage

Sharing

General

Target

2fdc57f1ccf76b7d688b470ee9374a3a_JaffaCakes118
Size

6.6MB
Sample

240709-lntrmazdlg
MD5

2fdc57f1ccf76b7d688b470ee9374a3a
SHA1

9efeec94d89c4f981113be14b071627a87f7189b
SHA256

62e4bcbfae9ac111acaed4cbacca0080a62bd1d0efa9aa26343105c537fbcb0d
SHA512

c40f43b06e151be2231c0760fe974af50ab03a7aa7eb3e9dc9a733c3668af76a132b19446fe83e16715b40ed9117603c5ae2f6be50551bdb7fb533af405ddcf2
SSDEEP

196608:A4F5usBnUvcyE24ZsFsA+xDbQe33Jw3t7m9hBmIo4YuV9Xmo+iUAxR2:L3NByolZksA+xpHdI9sXmo/vx8

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  2fdc57f1ccf76b7d688b470ee9374a3a_JaffaCakes118
- Size
  
  6.6MB
- MD5
  
  2fdc57f1ccf76b7d688b470ee9374a3a
- SHA1
  
  9efeec94d89c4f981113be14b071627a87f7189b
- SHA256
  
  62e4bcbfae9ac111acaed4cbacca0080a62bd1d0efa9aa26343105c537fbcb0d
- SHA512
  
  c40f43b06e151be2231c0760fe974af50ab03a7aa7eb3e9dc9a733c3668af76a132b19446fe83e16715b40ed9117603c5ae2f6be50551bdb7fb533af405ddcf2
- SSDEEP
  
  196608:A4F5usBnUvcyE24ZsFsA+xDbQe33Jw3t7m9hBmIo4YuV9Xmo+iUAxR2:L3NByolZksA+xpHdI9sXmo/vx8
Score

7^/10

spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2