76133759d07a9dfb39a2c8727ec8fe7a74a5fe3682e5f906157307546524502b | Triage

Sharing

General

Target

64cd2cba12f50a6d38186c0bbe417dbb_JaffaCakes118
Size

288KB
Sample

240722-zw37xsydlm
MD5

64cd2cba12f50a6d38186c0bbe417dbb
SHA1

cc732b389200b103959ef0b3bfb908c35a66d1b7
SHA256

76133759d07a9dfb39a2c8727ec8fe7a74a5fe3682e5f906157307546524502b
SHA512

ddebf33076b84390e3d64ed7ff3786a9bea30a802441262ca415d16f473b31f225872620b91a77a2776da9c15fb1dfd5a1d765e83f76dc003743024fbafd2d3e
SSDEEP

6144:xwAcCviSDQUD2yiM/32gWkqBBl6acYMiE2zEbr6lKE1mOjhwai:LjdlEgMUYlBWelbmCVi

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  64cd2cba12f50a6d38186c0bbe417dbb_JaffaCakes118
- Size
  
  288KB
- MD5
  
  64cd2cba12f50a6d38186c0bbe417dbb
- SHA1
  
  cc732b389200b103959ef0b3bfb908c35a66d1b7
- SHA256
  
  76133759d07a9dfb39a2c8727ec8fe7a74a5fe3682e5f906157307546524502b
- SHA512
  
  ddebf33076b84390e3d64ed7ff3786a9bea30a802441262ca415d16f473b31f225872620b91a77a2776da9c15fb1dfd5a1d765e83f76dc003743024fbafd2d3e
- SSDEEP
  
  6144:xwAcCviSDQUD2yiM/32gWkqBBl6acYMiE2zEbr6lKE1mOjhwai:LjdlEgMUYlBWelbmCVi
Score

7^/10

spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2