8227f747e2e8a8c6aa0a0adc41b5531bc4938c5f84632e5a4a44f31cbcbe34c8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

895d5e746da41e0688e4ffc3a12c69c1_JaffaCakes118
Size

53KB
Sample

240811-hc8jvssglh
MD5

895d5e746da41e0688e4ffc3a12c69c1
SHA1

e76de2f65fce3bd02b80fb876951655b4ae59799
SHA256

8227f747e2e8a8c6aa0a0adc41b5531bc4938c5f84632e5a4a44f31cbcbe34c8
SHA512

879a725dce69902da35ce1c52b89c120360d9dd0e9d55992214d356eb95f17b000c1fd92db74a67d8f8a80f3532d4c01c4f84d4825d44bb4acbfa098b3083513
SSDEEP

1536:VMBN7SPiGtBoREbHIy4iQTMj1Zl3m9TZ8//1GeJ:KBN7ai0Bo2ky41wJb3XF

Score

10^/10

discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  895d5e746da41e0688e4ffc3a12c69c1_JaffaCakes118
- Size
  
  53KB
- MD5
  
  895d5e746da41e0688e4ffc3a12c69c1
- SHA1
  
  e76de2f65fce3bd02b80fb876951655b4ae59799
- SHA256
  
  8227f747e2e8a8c6aa0a0adc41b5531bc4938c5f84632e5a4a44f31cbcbe34c8
- SHA512
  
  879a725dce69902da35ce1c52b89c120360d9dd0e9d55992214d356eb95f17b000c1fd92db74a67d8f8a80f3532d4c01c4f84d4825d44bb4acbfa098b3083513
- SSDEEP
  
  1536:VMBN7SPiGtBoREbHIy4iQTMj1Zl3m9TZ8//1GeJ:KBN7ai0Bo2ky41wJb3XF
Score

10^/10

discovery persistence spyware stealer
- Modifies WinLogon for persistence
  persistence
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealer

behavioral2