9303e3baf33d922a924c20bea77830dad55b7800d75e26f04e3c1bf5eed9cb9c | Triage

Submit
Reports

Overview

overview

7

Static

static

3

8e119148ed...18.exe

windows7-x64

7

8e119148ed...18.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

Target

8e119148ed2334ff1a38e335a0005392_JaffaCakes118
Size

361KB
Sample

240812-kmqg5stcll
MD5

8e119148ed2334ff1a38e335a0005392
SHA1

a5ef8d1c4047beb74faa455d920063a5b2358b44
SHA256

9303e3baf33d922a924c20bea77830dad55b7800d75e26f04e3c1bf5eed9cb9c
SHA512

09bc1e943f6d6cde09bbb2cd032e8645ee946e0010d5465e620aae7d1ef8427ca68adb2508642961356ad5db1d1362608ef303cb2caf3eabbf3e52ed9ef07e9d
SSDEEP

6144:o/J7r0hTa33q2J7K8dOMZDRLgZ97dCtFjp7j5pb2zNDpDopgxoRpxtIx5M2:o/JEYqARLgEtFpxtepobRCxS2

Score

7^/10

collection credential_access discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8e119148ed2334ff1a38e335a0005392_JaffaCakes118.exe

Resource

win7-20240705-en

collection credential_access discovery spyware stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

8e119148ed2334ff1a38e335a0005392_JaffaCakes118.exe

Resource

win10v2004-20240802-en

collection credential_access discovery spyware stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  8e119148ed2334ff1a38e335a0005392_JaffaCakes118
- Size
  
  361KB
- MD5
  
  8e119148ed2334ff1a38e335a0005392
- SHA1
  
  a5ef8d1c4047beb74faa455d920063a5b2358b44
- SHA256
  
  9303e3baf33d922a924c20bea77830dad55b7800d75e26f04e3c1bf5eed9cb9c
- SHA512
  
  09bc1e943f6d6cde09bbb2cd032e8645ee946e0010d5465e620aae7d1ef8427ca68adb2508642961356ad5db1d1362608ef303cb2caf3eabbf3e52ed9ef07e9d
- SSDEEP
  
  6144:o/J7r0hTa33q2J7K8dOMZDRLgZ97dCtFjp7j5pb2zNDpDopgxoRpxtIx5M2:o/JEYqARLgEtFpxtepobRCxS2
Score

7^/10

collection credential_access discovery spyware stealer
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

collectioncredential_accessdiscoveryspywarestealer

behavioral2

collectioncredential_accessdiscoveryspywarestealer

© 2018-2025

Terms | Privacy