e9ad0d5f72b2efb21163fd0dd4b28e5109d14f48aa3c8caff21d69cf2f6f42fd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3e8f2e8756566134f558cfb4d2e8e61a_JaffaCakes118
Size

2.7MB
Sample

240712-xz79yawgrr
MD5

3e8f2e8756566134f558cfb4d2e8e61a
SHA1

9cf69710f1d0a5fd344bef6bb114753bc67c8269
SHA256

e9ad0d5f72b2efb21163fd0dd4b28e5109d14f48aa3c8caff21d69cf2f6f42fd
SHA512

a92ba11bc34cd291e03940c450bb61ccb276d9232b497d2341964c535a89211de610ac8d0c34d87cc0926017a93b100b0d9434c5c98c9fabf1440739f89b02e5
SSDEEP

49152:FigATUACHdAGqtr/MlkqLgHUaXZ2bVMXrY8hwmYJjF05qP:j7fdGdUlkMg0UZ2bV3whYJj2sP

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  3e8f2e8756566134f558cfb4d2e8e61a_JaffaCakes118
- Size
  
  2.7MB
- MD5
  
  3e8f2e8756566134f558cfb4d2e8e61a
- SHA1
  
  9cf69710f1d0a5fd344bef6bb114753bc67c8269
- SHA256
  
  e9ad0d5f72b2efb21163fd0dd4b28e5109d14f48aa3c8caff21d69cf2f6f42fd
- SHA512
  
  a92ba11bc34cd291e03940c450bb61ccb276d9232b497d2341964c535a89211de610ac8d0c34d87cc0926017a93b100b0d9434c5c98c9fabf1440739f89b02e5
- SSDEEP
  
  49152:FigATUACHdAGqtr/MlkqLgHUaXZ2bVMXrY8hwmYJjF05qP:j7fdGdUlkMg0UZ2bV3whYJj2sP
Score

7^/10

spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2