22ba9ffb3f7db616d6458c89011dc8dc20b6164597df1c48adab03125d1c00bc | Triage

Sharing

General

Target

476c2693f84de69b7a08a855610802f5_JaffaCakes118
Size

10KB
Sample

240715-anrfqayhnn
MD5

476c2693f84de69b7a08a855610802f5
SHA1

0388670a0f6a1b28c86014497cc19c2c3de3a699
SHA256

22ba9ffb3f7db616d6458c89011dc8dc20b6164597df1c48adab03125d1c00bc
SHA512

0bc6d5625a027a78b195a713aad7d7418d76d78273ca66cbfb4c3fcb27cf048effb6f641aea7c4c98640de97728d4ae0f276a5ac191c2c48a37b28f5db579dc6
SSDEEP

192:YdV5pxgnVPQoEYp+ajFwMhyHtNhBwttu5MW3jXAn:kV5pxZaZwMh+tXL5MuDi

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  476c2693f84de69b7a08a855610802f5_JaffaCakes118
- Size
  
  10KB
- MD5
  
  476c2693f84de69b7a08a855610802f5
- SHA1
  
  0388670a0f6a1b28c86014497cc19c2c3de3a699
- SHA256
  
  22ba9ffb3f7db616d6458c89011dc8dc20b6164597df1c48adab03125d1c00bc
- SHA512
  
  0bc6d5625a027a78b195a713aad7d7418d76d78273ca66cbfb4c3fcb27cf048effb6f641aea7c4c98640de97728d4ae0f276a5ac191c2c48a37b28f5db579dc6
- SSDEEP
  
  192:YdV5pxgnVPQoEYp+ajFwMhyHtNhBwttu5MW3jXAn:kV5pxZaZwMh+tXL5MuDi
Score

7^/10

spyware stealer
- Deletes itself
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2