1c195f123314403488502df64fc92777fafd399bd4468a7ef499c5b009c4c5e0 | Triage

Sharing

General

Target

85df87bbaa4b865175047ec06b8a4e7c_JaffaCakes118
Size

132KB
Sample

240810-njw3asxcjl
MD5

85df87bbaa4b865175047ec06b8a4e7c
SHA1

cd556bbea6be04dd3608d39c27eacbc2463c74f4
SHA256

1c195f123314403488502df64fc92777fafd399bd4468a7ef499c5b009c4c5e0
SHA512

fecf644985ff7121504eb0db7ca33fda74e895c66d90110261168fe662ddfd67bccbddc90fc7e92d9a7ea0f4241d2da24356370687a2c177314404788781511d
SSDEEP

3072:Ro5xY9VjrFaLG9ID4HT0CwANauWoP7O19RlxXmNf9O69:m5EVjJa5AC78TOm

Score

7^/10

discovery persistence spyware stealer upx

Malware Config

Targets

- Target
  
  85df87bbaa4b865175047ec06b8a4e7c_JaffaCakes118
- Size
  
  132KB
- MD5
  
  85df87bbaa4b865175047ec06b8a4e7c
- SHA1
  
  cd556bbea6be04dd3608d39c27eacbc2463c74f4
- SHA256
  
  1c195f123314403488502df64fc92777fafd399bd4468a7ef499c5b009c4c5e0
- SHA512
  
  fecf644985ff7121504eb0db7ca33fda74e895c66d90110261168fe662ddfd67bccbddc90fc7e92d9a7ea0f4241d2da24356370687a2c177314404788781511d
- SSDEEP
  
  3072:Ro5xY9VjrFaLG9ID4HT0CwANauWoP7O19RlxXmNf9O69:m5EVjJa5AC78TOm
Score

7^/10

discovery persistence spyware stealer upx
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials in Registry

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealerupx

behavioral2