General

  • Target

    a449fbab67a3e46ae044ba614262fc49_JaffaCakes118

  • Size

    1.7MB

  • Sample

    240817-1s215aygqf

  • MD5

    a449fbab67a3e46ae044ba614262fc49

  • SHA1

    cb68a6d3810c5d1d9ddd8347fb4c0efe574c94fc

  • SHA256

    78476c66aec2896e7f1913cfbd8c303f2f50dbfac7c276689a04443cd5ebd380

  • SHA512

    d2e3fb101313d115500e21e8a03d72d73cf02e9e3b246282fc832eeb14c1a2caf1b6987009730fa5246c850996f327704b95d47228d54df26c70b8f70bb50930

  • SSDEEP

    49152:pvZv7FZYeiLxPQ6u4sOEvazaoGleXJmtO:NdZZmLhQ6zsBneXJm4

Score
9/10

Targets

    • Detected Nirsoft tools

      Free utilities often used by attackers which can steal passwords, product keys, etc.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook accounts

    • Drops file in System32 directory
