da8f25710645585944814ee946e0e3d5edbc26cb884df830a004ba5ab334d18c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

475f7dc69d7ed1d7a5cb0580d38a2414_JaffaCakes118
Size

477KB
Sample

240715-ae7fksyenl
MD5

475f7dc69d7ed1d7a5cb0580d38a2414
SHA1

85614a6aafc44ec95439d89e959fca4a6d3f689c
SHA256

da8f25710645585944814ee946e0e3d5edbc26cb884df830a004ba5ab334d18c
SHA512

daf275dcdacdaa0c377886b978858abbaed3be83a38c0adda5adaa97862dd3c338dc06c6e52d0988f0caebb1aca3701f1a25e304a380093359d9b2de0a1d1b19
SSDEEP

6144:VrmEOwAAnmJU0VJrvOiM0xoy8FGVhbmAQ8aDKykB:lmB7An+/rsd+h6AhaJkB

Score

8^/10

defense_evasion persistence spyware stealer

Malware Config

Targets

- Target
  
  475f7dc69d7ed1d7a5cb0580d38a2414_JaffaCakes118
- Size
  
  477KB
- MD5
  
  475f7dc69d7ed1d7a5cb0580d38a2414
- SHA1
  
  85614a6aafc44ec95439d89e959fca4a6d3f689c
- SHA256
  
  da8f25710645585944814ee946e0e3d5edbc26cb884df830a004ba5ab334d18c
- SHA512
  
  daf275dcdacdaa0c377886b978858abbaed3be83a38c0adda5adaa97862dd3c338dc06c6e52d0988f0caebb1aca3701f1a25e304a380093359d9b2de0a1d1b19
- SSDEEP
  
  6144:VrmEOwAAnmJU0VJrvOiM0xoy8FGVhbmAQ8aDKykB:lmB7An+/rsd+h6AhaJkB
Score

8^/10

defense_evasion persistence spyware stealer
- Drops file in Drivers directory
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Modifies WinLogon
  persistence
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Hide Artifacts: Hidden Users
  defense_evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Hide Artifacts

Hidden Users

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasionpersistencespywarestealer

behavioral2