4abb277f325ca26e40ff0d62166d8c96d161b0f9cbd320c6550dbbeb58b18962 | Triage

Sharing

General

Target

3a6c3462ebe8ba7e45eac769d157bfcf_JaffaCakes118
Size

36KB
Sample

240711-x1yf5azgpk
MD5

3a6c3462ebe8ba7e45eac769d157bfcf
SHA1

63ff1d6a68764c39c66e0086aaa09343cef8bad4
SHA256

4abb277f325ca26e40ff0d62166d8c96d161b0f9cbd320c6550dbbeb58b18962
SHA512

522098db125e91f081fe25c029029da2840e1e48fca302a94047d553c311b3342fd94c488e166a7ebf4489ff1b555525d643730b794a8d5b828cdc7989af944b
SSDEEP

384:mdouHSxfzyqxfMLhgP8Dhc2lkME6Q2Z53QA++k8t6lb99NFK/o5Akby9da5:gouHEbyUfMLhg+hc2lkW1W992va5

Score

10^/10

spyware stealer

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ren.aiq.ru
Port:
21
Username:
u338434
Password:
7uifudtk

Targets

- Target
  
  3a6c3462ebe8ba7e45eac769d157bfcf_JaffaCakes118
- Size
  
  36KB
- MD5
  
  3a6c3462ebe8ba7e45eac769d157bfcf
- SHA1
  
  63ff1d6a68764c39c66e0086aaa09343cef8bad4
- SHA256
  
  4abb277f325ca26e40ff0d62166d8c96d161b0f9cbd320c6550dbbeb58b18962
- SHA512
  
  522098db125e91f081fe25c029029da2840e1e48fca302a94047d553c311b3342fd94c488e166a7ebf4489ff1b555525d643730b794a8d5b828cdc7989af944b
- SSDEEP
  
  384:mdouHSxfzyqxfMLhgP8Dhc2lkME6Q2Z53QA++k8t6lb99NFK/o5Akby9da5:gouHEbyUfMLhg+hc2lkW1W992va5
Score

10^/10

spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2