467a7f33307bfe186fdf7232b176739c6716bab74d1f097abb1403db4bd9e5ac | Triage

Sharing

General

Target

488be57ec69574fc3f6e652bccb4564b_JaffaCakes118
Size

6.9MB
Sample

240715-gv5p9avcje
MD5

488be57ec69574fc3f6e652bccb4564b
SHA1

ae485696a1d78f534fcfbd57c8fca59c48fd99ea
SHA256

467a7f33307bfe186fdf7232b176739c6716bab74d1f097abb1403db4bd9e5ac
SHA512

f10b448cd8563f2bb53b184d492f32200decc0f6161683dc373a34ac643629d5e8e073a68c85acab982a7310c0056c8f4cd6cf637d8c6c9dd1d52406c421e32f
SSDEEP

196608:qt+gp1D+Dez9onJ5hrZER9xQ3jo4UR7+oPosA:ypNSez9c5hlER9xA2RSoP

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  488be57ec69574fc3f6e652bccb4564b_JaffaCakes118
- Size
  
  6.9MB
- MD5
  
  488be57ec69574fc3f6e652bccb4564b
- SHA1
  
  ae485696a1d78f534fcfbd57c8fca59c48fd99ea
- SHA256
  
  467a7f33307bfe186fdf7232b176739c6716bab74d1f097abb1403db4bd9e5ac
- SHA512
  
  f10b448cd8563f2bb53b184d492f32200decc0f6161683dc373a34ac643629d5e8e073a68c85acab982a7310c0056c8f4cd6cf637d8c6c9dd1d52406c421e32f
- SSDEEP
  
  196608:qt+gp1D+Dez9onJ5hrZER9xQ3jo4UR7+oPosA:ypNSez9c5hlER9xA2RSoP
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2