Overview

overview

7

Static

static

3

72286a2f83...18.exe

windows7-x64

7

72286a2f83...18.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    72286a2f8319db8606fb34892e88750a_JaffaCakes118

  • Size

    141KB

  • Sample

    240726-cc4b9asdjh

  • MD5

    72286a2f8319db8606fb34892e88750a

  • SHA1

    feb65e6daf7a5386c059ba171a32c39d109375f8

  • SHA256

    d9522844d78148890f42f4b6747fea772dfd2af8c22118e082880866f37feebb

  • SHA512

    b5a2673d8bbb59661d29a3228492eb8f865ed0a97eb91dfd0e82700095312ae3a7b434af7c0a771fbb34ef75cb37ed13bb2be8b97294c535f0a48bf8d52d10ee

  • SSDEEP

    3072:Y8MT8d+KIcHzuj0kAuQT0c1vj6dJRUJChjmDhCPWu7B1C0LcV0kSX:YN8dJIf7OV7JChjmDQgVT

Score
7/10
discoverypersistencespywarestealerupx

Malware Config

Targets

    • Target

      72286a2f8319db8606fb34892e88750a_JaffaCakes118

    • Size

      141KB

    • MD5

      72286a2f8319db8606fb34892e88750a

    • SHA1

      feb65e6daf7a5386c059ba171a32c39d109375f8

    • SHA256

      d9522844d78148890f42f4b6747fea772dfd2af8c22118e082880866f37feebb

    • SHA512

      b5a2673d8bbb59661d29a3228492eb8f865ed0a97eb91dfd0e82700095312ae3a7b434af7c0a771fbb34ef75cb37ed13bb2be8b97294c535f0a48bf8d52d10ee

    • SSDEEP

      3072:Y8MT8d+KIcHzuj0kAuQT0c1vj6dJRUJChjmDhCPWu7B1C0LcV0kSX:YN8dJIf7OV7JChjmDQgVT

    Score
    7/10
    discoverypersistencespywarestealerupx

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks