d9f1c339e9b8e414904e16b4eb95a5f359fc79a3439ca50d709082c56abe5f11 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

737eb1d8f86479e8e85f2821edaca78e_JaffaCakes118
Size

428KB
Sample

240726-lkehjatamh
MD5

737eb1d8f86479e8e85f2821edaca78e
SHA1

778a2559d4e866d44abfb79726bb1a4d952d914a
SHA256

d9f1c339e9b8e414904e16b4eb95a5f359fc79a3439ca50d709082c56abe5f11
SHA512

21bd51e1c48e0f14e07d067c3eb6213544a55be771cc00d2214a10bf70db13cdf35a34226e1031477b363a8e6c44662d577a29e3b9b4277ec0e3423ba84d21f2
SSDEEP

3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1

Score

10^/10

defense_evasion persistence spyware stealer

Malware Config

Targets

- Target
  
  737eb1d8f86479e8e85f2821edaca78e_JaffaCakes118
- Size
  
  428KB
- MD5
  
  737eb1d8f86479e8e85f2821edaca78e
- SHA1
  
  778a2559d4e866d44abfb79726bb1a4d952d914a
- SHA256
  
  d9f1c339e9b8e414904e16b4eb95a5f359fc79a3439ca50d709082c56abe5f11
- SHA512
  
  21bd51e1c48e0f14e07d067c3eb6213544a55be771cc00d2214a10bf70db13cdf35a34226e1031477b363a8e6c44662d577a29e3b9b4277ec0e3423ba84d21f2
- SSDEEP
  
  3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1
Score

10^/10

defense_evasion persistence spyware stealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Adds policy Run key to start application
  persistence
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot
  defense_evasion
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Image File Execution Options Injection

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Image File Execution Options Injection

Defense Evasion

Impair Defenses

Safe Mode Boot

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasionpersistencespywarestealer

behavioral2

defense_evasionpersistencespywarestealer