Overview

overview

7

Static

static

3

8251d3d5a4...18.exe

windows7-x64

7

8251d3d5a4...18.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    8251d3d5a410fb0c1e4c6cde13e92cb1_JaffaCakes118

  • Size

    196KB

  • Sample

    240802-ap8fmayhnh

  • MD5

    8251d3d5a410fb0c1e4c6cde13e92cb1

  • SHA1

    82c0753f3b49a2a6cb5f4e05f72839fb659342ba

  • SHA256

    762435b25778776cc18fe719e49c75bc64ac430e0f4e9f925a7d7d5b42c97070

  • SHA512

    b3ebaec4353d451e813ee7ffb6a4ff05e449d617457be91427dce1268ba415f00f286f626e6db4743b305497ec8590a7f249587ad368bf233fbbc135078c0155

  • SSDEEP

    3072:iTpAog5YvfMkCe3n5RbuKPaOuw1jnXtypmmVim3qwiUC79vJOo9m8Qu86vJS:iTpAogiB3nPuKH73wib9vHQuvvU

Score
7/10
discoverypersistencespywarestealer

Malware Config

Targets

    • Target

      8251d3d5a410fb0c1e4c6cde13e92cb1_JaffaCakes118

    • Size

      196KB

    • MD5

      8251d3d5a410fb0c1e4c6cde13e92cb1

    • SHA1

      82c0753f3b49a2a6cb5f4e05f72839fb659342ba

    • SHA256

      762435b25778776cc18fe719e49c75bc64ac430e0f4e9f925a7d7d5b42c97070

    • SHA512

      b3ebaec4353d451e813ee7ffb6a4ff05e449d617457be91427dce1268ba415f00f286f626e6db4743b305497ec8590a7f249587ad368bf233fbbc135078c0155

    • SSDEEP

      3072:iTpAog5YvfMkCe3n5RbuKPaOuw1jnXtypmmVim3qwiUC79vJOo9m8Qu86vJS:iTpAogiB3nPuKH73wib9vHQuvvU

    Score
    7/10
    discoverypersistencespywarestealer

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks