4abb277f325ca26e40ff0d62166d8c96d161b0f9cbd320c6550dbbeb58b18962 | Triage

Submit
Reports

Overview

overview

Static

static

3

3a6c3462eb...18.exe

windows7-x64

3a6c3462eb...18.exe

windows10-2004-x64

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11-07-2024 19:19

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

3a6c3462ebe8ba7e45eac769d157bfcf_JaffaCakes118.exe

Resource

win7-20240705-en

spyware stealer

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

3a6c3462ebe8ba7e45eac769d157bfcf_JaffaCakes118.exe

Resource

win10v2004-20240709-en

spyware stealer

windows10-2004-x64

1 signatures

150 seconds

Report Analysis Logs

General

Target

3a6c3462ebe8ba7e45eac769d157bfcf_JaffaCakes118.exe
Size

36KB
MD5

3a6c3462ebe8ba7e45eac769d157bfcf
SHA1

63ff1d6a68764c39c66e0086aaa09343cef8bad4
SHA256

4abb277f325ca26e40ff0d62166d8c96d161b0f9cbd320c6550dbbeb58b18962
SHA512

522098db125e91f081fe25c029029da2840e1e48fca302a94047d553c311b3342fd94c488e166a7ebf4489ff1b555525d643730b794a8d5b828cdc7989af944b
SSDEEP

384:mdouHSxfzyqxfMLhgP8Dhc2lkME6Q2Z53QA++k8t6lb99NFK/o5Akby9da5:gouHEbyUfMLhg+hc2lkW1W992va5

Score

10^/10

spyware stealer

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ren.aiq.ru
Port:
21
Username:
u338434
Password:
7uifudtk

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Processes

C:\Users\Admin\AppData\Local\Temp\3a6c3462ebe8ba7e45eac769d157bfcf_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3a6c3462ebe8ba7e45eac769d157bfcf_JaffaCakes118.exe"
1⤵
PID:2572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2572-0-0x00007FFEDE775000-0x00007FFEDE776000-memory.dmp

Filesize
4KB

Download
memory/2572-1-0x00007FFEDE4C0000-0x00007FFEDEE61000-memory.dmp

Filesize
9.6MB

Download
memory/2572-2-0x00007FFEDE4C0000-0x00007FFEDEE61000-memory.dmp

Filesize
9.6MB

Download
memory/2572-3-0x00007FFEDE4C0000-0x00007FFEDEE61000-memory.dmp

Filesize
9.6MB

Download
memory/2572-4-0x00007FFEDE775000-0x00007FFEDE776000-memory.dmp

Filesize
4KB

Download
memory/2572-5-0x00007FFEDE4C0000-0x00007FFEDEE61000-memory.dmp

Filesize
9.6MB

Download
memory/2572-7-0x00007FFEDE4C0000-0x00007FFEDEE61000-memory.dmp

Filesize
9.6MB

Download

© 2018-2025

Terms | Privacy