9c8cd428dc220ad78cba687b65801452f1e415fb0576b7f28cbc3a5512f046e1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8417f17a134fa15a22bc4f13296d6300_JaffaCakes118
Size

193KB
Sample

240810-ad2hyazfqd
MD5

8417f17a134fa15a22bc4f13296d6300
SHA1

92d31d62f1b9b048ba1dda2fe5e0342e99c24518
SHA256

9c8cd428dc220ad78cba687b65801452f1e415fb0576b7f28cbc3a5512f046e1
SHA512

5611fb672b840ff06ebd1601e06121291004d88ca37baf13f685e55aecc2acdf52193d7362d71182f846bdc531e1f0bd7abfe2e2c0617a9e6eae349b2dbf07c0
SSDEEP

3072:oX9URJpcgpTychgVAW9Epjg4GSyNUYAGatyg88Dfd0MzR+vZHNKigULF8x:omTyaJgV0VySyNUYdaL8CHl+vxNKign

Score

7^/10

discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  8417f17a134fa15a22bc4f13296d6300_JaffaCakes118
- Size
  
  193KB
- MD5
  
  8417f17a134fa15a22bc4f13296d6300
- SHA1
  
  92d31d62f1b9b048ba1dda2fe5e0342e99c24518
- SHA256
  
  9c8cd428dc220ad78cba687b65801452f1e415fb0576b7f28cbc3a5512f046e1
- SHA512
  
  5611fb672b840ff06ebd1601e06121291004d88ca37baf13f685e55aecc2acdf52193d7362d71182f846bdc531e1f0bd7abfe2e2c0617a9e6eae349b2dbf07c0
- SSDEEP
  
  3072:oX9URJpcgpTychgVAW9Epjg4GSyNUYAGatyg88Dfd0MzR+vZHNKigULF8x:omTyaJgV0VySyNUYdaL8CHl+vxNKign
Score

7^/10

discovery persistence spyware stealer
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials in Registry

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealer

behavioral2