ce4ff16a3af9ba9a1111a73244732a110305b24dd80eeb57b79ef6a5c82ae2be | Triage

Sharing

Copy URL Twitter E-mail

General

Target

41377b2f8b94eb3df31a4c4a557f0194_JaffaCakes118
Size

170KB
Sample

240713-l29d8swfjl
MD5

41377b2f8b94eb3df31a4c4a557f0194
SHA1

009666bb3521617e4a3b4da5528670d1a83fa034
SHA256

ce4ff16a3af9ba9a1111a73244732a110305b24dd80eeb57b79ef6a5c82ae2be
SHA512

cf39b31a41b89d5b0420afc3eec7e142fcd1d04a2484a3fbffcf8bed69ad87f6fc2210c2009d409d156876f99a86e794856420cb7aeaab7792097844f4714b2b
SSDEEP

3072:yiDAim01y//lD2NTzSf9nrRgvoJVvjQePaXZpI8kilSs6nFGU4HuVKf/B6Zo:yiDAiK//lSMKuVrQJXjkiQFGUeMk7

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  41377b2f8b94eb3df31a4c4a557f0194_JaffaCakes118
- Size
  
  170KB
- MD5
  
  41377b2f8b94eb3df31a4c4a557f0194
- SHA1
  
  009666bb3521617e4a3b4da5528670d1a83fa034
- SHA256
  
  ce4ff16a3af9ba9a1111a73244732a110305b24dd80eeb57b79ef6a5c82ae2be
- SHA512
  
  cf39b31a41b89d5b0420afc3eec7e142fcd1d04a2484a3fbffcf8bed69ad87f6fc2210c2009d409d156876f99a86e794856420cb7aeaab7792097844f4714b2b
- SSDEEP
  
  3072:yiDAim01y//lD2NTzSf9nrRgvoJVvjQePaXZpI8kilSs6nFGU4HuVKf/B6Zo:yiDAiK//lSMKuVrQJXjkiQFGUeMk7
Score

7^/10

persistence spyware stealer
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials in Registry

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2