a06eed8209ef414d452fa00ab3cd021ef75ecc1eda22694bfbdde21f0dd8ec2d | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

671dc61740...18.exe

windows7-x64

671dc61740...18.exe

windows10-2004-x64

Sharing

General

Target

671dc61740c13b2f4be45f74383472fd_JaffaCakes118
Size

1.2MB
Sample

240723-lzlkdszdne
MD5

671dc61740c13b2f4be45f74383472fd
SHA1

29d302edc1887cb0b94246ed1252cb17ef185a4a
SHA256

a06eed8209ef414d452fa00ab3cd021ef75ecc1eda22694bfbdde21f0dd8ec2d
SHA512

4dc9c9454ac1db2dfa9b6cbdb111c73c08969c8fb40e898577294f3dd3560f8853884ad1abc374d2d1f33bc6fa4f32f8113d95f4f75307d3322df51289a091a9
SSDEEP

24576:rmUq5++3ZMzuaUKub/0V6fr4k1EPhJ7af6PUpYM+yP0L2N:r85++pMDUKubsO4cghDeYMz0L2N

Score

10^/10

persistence spyware stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

671dc61740c13b2f4be45f74383472fd_JaffaCakes118.exe

Resource

win7-20240704-en

persistence spyware stealer upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

671dc61740c13b2f4be45f74383472fd_JaffaCakes118.exe

Resource

win10v2004-20240709-en

persistence spyware stealer upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.gmail.com
Port:
587
Username:
[email protected]
Password:
009613123

Targets

- Target
  
  671dc61740c13b2f4be45f74383472fd_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  671dc61740c13b2f4be45f74383472fd
- SHA1
  
  29d302edc1887cb0b94246ed1252cb17ef185a4a
- SHA256
  
  a06eed8209ef414d452fa00ab3cd021ef75ecc1eda22694bfbdde21f0dd8ec2d
- SHA512
  
  4dc9c9454ac1db2dfa9b6cbdb111c73c08969c8fb40e898577294f3dd3560f8853884ad1abc374d2d1f33bc6fa4f32f8113d95f4f75307d3322df51289a091a9
- SSDEEP
  
  24576:rmUq5++3ZMzuaUKub/0V6fr4k1EPhJ7af6PUpYM+yP0L2N:r85++pMDUKubsO4cghDeYMz0L2N
Score

10^/10

persistence spyware stealer upx
- Detected Nirsoft tools
  Free utilities often used by attackers which can steal passwords, product keys, etc.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealerupx

behavioral2

persistencespywarestealerupx

© 2018-2025

Terms | Privacy