ee74cc755314a258d1f581521843673fdd2e5ccbc38f7f5383975828ac741ca9 | Triage

Sharing

General

Target

606385a2e6cfbb68a58914ffa95a8c15_JaffaCakes118
Size

336KB
Sample

240720-3a6mpszemf
MD5

606385a2e6cfbb68a58914ffa95a8c15
SHA1

2d31695673e4fa7c1e090b14a93d2b982f05a4e2
SHA256

ee74cc755314a258d1f581521843673fdd2e5ccbc38f7f5383975828ac741ca9
SHA512

e117c245358f215027966875e0293bef9783699e47ce5e33be7e8bd0326310abfcfba9596e3a0ac0e2c3675cd9b7a510b1457f79bec6cffc47195a3968e1d5f9
SSDEEP

6144:Pe1ti+Fq9VR1umcY2LXad+1soDtJvQYwO136DtlAoaUfY/vaB5J/pyT:8iCaR1oad+dDtZb1mpfY/vq

Score

8^/10

evasion persistence spyware stealer

Malware Config

Targets

- Target
  
  606385a2e6cfbb68a58914ffa95a8c15_JaffaCakes118
- Size
  
  336KB
- MD5
  
  606385a2e6cfbb68a58914ffa95a8c15
- SHA1
  
  2d31695673e4fa7c1e090b14a93d2b982f05a4e2
- SHA256
  
  ee74cc755314a258d1f581521843673fdd2e5ccbc38f7f5383975828ac741ca9
- SHA512
  
  e117c245358f215027966875e0293bef9783699e47ce5e33be7e8bd0326310abfcfba9596e3a0ac0e2c3675cd9b7a510b1457f79bec6cffc47195a3968e1d5f9
- SSDEEP
  
  6144:Pe1ti+Fq9VR1umcY2LXad+1soDtJvQYwO136DtlAoaUfY/vaB5J/pyT:8iCaR1oad+dDtZb1mpfY/vq
Score

8^/10

evasion persistence spyware stealer
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencespywarestealer

behavioral2