d0bd104b9d9f9d92c7cd2c55f3b53912c22213a50795cbbe96db7f242aa84d8e | Triage

Submit
Reports

Overview

overview

Static

static

3

3e8bde9ae5...18.exe

windows7-x64

3e8bde9ae5...18.exe

windows10-2004-x64

Sharing

General

Target

3e8bde9ae57acb06c8814256e164527f_JaffaCakes118
Size

1.3MB
Sample

240712-xxxqesyfkd
MD5

3e8bde9ae57acb06c8814256e164527f
SHA1

9eb3ed407b6f198de315fd82cd24d3dac1f01ea1
SHA256

d0bd104b9d9f9d92c7cd2c55f3b53912c22213a50795cbbe96db7f242aa84d8e
SHA512

1cbf683be0a79bf6eaf8a1ae03954e1a9e7c29b85af38aafa83582ccd8525a5e90875a4f8ee402653f514d80235c85c40294e494cba078d49a7c29ef29635dc2
SSDEEP

12288:zrFqgvk90di6ZBjfwXZhjDmoKURwiTrqAXJ3xfbAN0ZaAcgnNG6a86KEW/T/0Yy:zrJkX6ZFyZhuOBrqAXHANCGU7/by

Score

10^/10

evasion execution spyware stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

3e8bde9ae57acb06c8814256e164527f_JaffaCakes118.exe

Resource

win7-20240704-en

evasion execution spyware stealer upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

3e8bde9ae57acb06c8814256e164527f_JaffaCakes118.exe

Resource

win10v2004-20240709-en

evasion execution spyware stealer upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  3e8bde9ae57acb06c8814256e164527f_JaffaCakes118
- Size
  
  1.3MB
- MD5
  
  3e8bde9ae57acb06c8814256e164527f
- SHA1
  
  9eb3ed407b6f198de315fd82cd24d3dac1f01ea1
- SHA256
  
  d0bd104b9d9f9d92c7cd2c55f3b53912c22213a50795cbbe96db7f242aa84d8e
- SHA512
  
  1cbf683be0a79bf6eaf8a1ae03954e1a9e7c29b85af38aafa83582ccd8525a5e90875a4f8ee402653f514d80235c85c40294e494cba078d49a7c29ef29635dc2
- SSDEEP
  
  12288:zrFqgvk90di6ZBjfwXZhjDmoKURwiTrqAXJ3xfbAN0ZaAcgnNG6a86KEW/T/0Yy:zrJkX6ZFyZhuOBrqAXHANCGU7/by
Score

10^/10

evasion execution spyware stealer upx
- Disables service(s)
  evasion execution
- Stops running service(s)
  evasion execution
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

evasionexecutionspywarestealerupx

behavioral2

evasionexecutionspywarestealerupx

© 2018-2025

Terms | Privacy