d62fb3a03bf9c9cefad377c85045999b6417f7a07efd17c862d2c97c3466f48d | Triage

Sharing

General

Target

37996fd8239a18d64cf5eafc86627373_JaffaCakes118
Size

324KB
Sample

240711-ed5ykszeqa
MD5

37996fd8239a18d64cf5eafc86627373
SHA1

562312f660b82d65fecb86c46b156972b96ab735
SHA256

d62fb3a03bf9c9cefad377c85045999b6417f7a07efd17c862d2c97c3466f48d
SHA512

7310fdd41fd9a738438e68252c442b89418b67855dda1d1c56c311a283e8ba0b5a0cee1e4a2c388a6d421fdd23701e57222108a91ecbc8bd2de6110f3fdcc576
SSDEEP

6144:BLnmoPQvC3VlMr9gJn24YwWTv3DZv9fQ0FcUUMQsbDHWGsYu/b1jze8NxHk4pdvv:tmSQqla2pWTvVv9YAY3GsF5zfFTD

Score

8^/10

evasion persistence spyware stealer

Malware Config

Targets

- Target
  
  37996fd8239a18d64cf5eafc86627373_JaffaCakes118
- Size
  
  324KB
- MD5
  
  37996fd8239a18d64cf5eafc86627373
- SHA1
  
  562312f660b82d65fecb86c46b156972b96ab735
- SHA256
  
  d62fb3a03bf9c9cefad377c85045999b6417f7a07efd17c862d2c97c3466f48d
- SHA512
  
  7310fdd41fd9a738438e68252c442b89418b67855dda1d1c56c311a283e8ba0b5a0cee1e4a2c388a6d421fdd23701e57222108a91ecbc8bd2de6110f3fdcc576
- SSDEEP
  
  6144:BLnmoPQvC3VlMr9gJn24YwWTv3DZv9fQ0FcUUMQsbDHWGsYu/b1jze8NxHk4pdvv:tmSQqla2pWTvVv9YAY3GsF5zfFTD
Score

8^/10

evasion persistence spyware stealer
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencespywarestealer

behavioral2