ef723724652c009262a5157274318e530cfcdcc0018c503c7d19bf0244fd3739 | Triage

Submit
Reports

Overview

overview

7

Static

static

3

a5cbf195c5...18.exe

windows7-x64

7

a5cbf195c5...18.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

Target

a5cbf195c59de1dcf5bab1df754597e7_JaffaCakes118
Size

169KB
Sample

240818-hndhvs1fma
MD5

a5cbf195c59de1dcf5bab1df754597e7
SHA1

837efed6876fc069c0afd60f7abfe67faf92c620
SHA256

ef723724652c009262a5157274318e530cfcdcc0018c503c7d19bf0244fd3739
SHA512

e94ea114392f9139d065076fcb80822d86f0416757a41989f8d095ddf153850039198773b18fb56c234840603ce8c6c19c89a8cd8e8ffda88067594c3bc1be58
SSDEEP

3072:hvTystzwmp8wFxuw+O8lnUIpAKuMP5QSIrrHJOVtZM32ZM7qymS4ZS4qTnVJX/CO:5zxawFIp1cKZQSqrHCY2ZuqEklqTnV

Score

7^/10

discovery persistence spyware stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a5cbf195c59de1dcf5bab1df754597e7_JaffaCakes118.exe

Resource

win7-20240705-en

discovery persistence spyware stealer upx

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

a5cbf195c59de1dcf5bab1df754597e7_JaffaCakes118.exe

Resource

win10v2004-20240802-en

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  a5cbf195c59de1dcf5bab1df754597e7_JaffaCakes118
- Size
  
  169KB
- MD5
  
  a5cbf195c59de1dcf5bab1df754597e7
- SHA1
  
  837efed6876fc069c0afd60f7abfe67faf92c620
- SHA256
  
  ef723724652c009262a5157274318e530cfcdcc0018c503c7d19bf0244fd3739
- SHA512
  
  e94ea114392f9139d065076fcb80822d86f0416757a41989f8d095ddf153850039198773b18fb56c234840603ce8c6c19c89a8cd8e8ffda88067594c3bc1be58
- SSDEEP
  
  3072:hvTystzwmp8wFxuw+O8lnUIpAKuMP5QSIrrHJOVtZM32ZM7qymS4ZS4qTnVJX/CO:5zxawFIp1cKZQSqrHCY2ZuqEklqTnV
Score

7^/10

discovery persistence spyware stealer upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealerupx

behavioral2

© 2018-2025

Terms | Privacy