54a099ce13f9c2c13122ac64f036ef1d0d1a3a39eadc377b31b070f694441ddd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3148b16ce11f8ad7b5a010fad8969dc4_JaffaCakes118
Size

548KB
Sample

240709-vxdlfaxalg
MD5

3148b16ce11f8ad7b5a010fad8969dc4
SHA1

da62b67810d309787154a160375b73ce9db1eb5c
SHA256

54a099ce13f9c2c13122ac64f036ef1d0d1a3a39eadc377b31b070f694441ddd
SHA512

c4ccb01d7744902d3092f68ccfae43c00a4ba7d32a9a673b5fd85354badaac89649ec68c1d7f93c8382a3ad8e3596d7d7bed6426a485e2934d3f36e2dc34acee
SSDEEP

12288:EPVLZIhcTCPRjeWFgPu1A6UQOfPvEVjbat6Z9c:EPbGkmRjedG1A6U93CbA63c

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  3148b16ce11f8ad7b5a010fad8969dc4_JaffaCakes118
- Size
  
  548KB
- MD5
  
  3148b16ce11f8ad7b5a010fad8969dc4
- SHA1
  
  da62b67810d309787154a160375b73ce9db1eb5c
- SHA256
  
  54a099ce13f9c2c13122ac64f036ef1d0d1a3a39eadc377b31b070f694441ddd
- SHA512
  
  c4ccb01d7744902d3092f68ccfae43c00a4ba7d32a9a673b5fd85354badaac89649ec68c1d7f93c8382a3ad8e3596d7d7bed6426a485e2934d3f36e2dc34acee
- SSDEEP
  
  12288:EPVLZIhcTCPRjeWFgPu1A6UQOfPvEVjbat6Z9c:EPbGkmRjedG1A6U93CbA63c
Score

7^/10

spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2