6c4c8cfd02098f6f3b43bcc9fbcadeeebacf6c2d0c9c6b8334c4ec1b120cefec | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a66704fa99111103386727ef5eee679d_JaffaCakes118
Size

6.6MB
Sample

240818-mdltpssbjm
MD5

a66704fa99111103386727ef5eee679d
SHA1

7595e38bf1e39aba91813f341f3f012c25e4faf7
SHA256

6c4c8cfd02098f6f3b43bcc9fbcadeeebacf6c2d0c9c6b8334c4ec1b120cefec
SHA512

1e944ee55402da2161270e1946177b1183ffa12e22d924e568b9b2e2d11915635b96bee1434c922c0d6bf43526430dac7a834714f3d91c3c176ac2076877571e
SSDEEP

196608:GC+gp1DM9onJ5hrZER9xQ3jo4UQ7+wKIAFuD:7pNM9c5hlER9xA2QSXIA

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  a66704fa99111103386727ef5eee679d_JaffaCakes118
- Size
  
  6.6MB
- MD5
  
  a66704fa99111103386727ef5eee679d
- SHA1
  
  7595e38bf1e39aba91813f341f3f012c25e4faf7
- SHA256
  
  6c4c8cfd02098f6f3b43bcc9fbcadeeebacf6c2d0c9c6b8334c4ec1b120cefec
- SHA512
  
  1e944ee55402da2161270e1946177b1183ffa12e22d924e568b9b2e2d11915635b96bee1434c922c0d6bf43526430dac7a834714f3d91c3c176ac2076877571e
- SSDEEP
  
  196608:GC+gp1DM9onJ5hrZER9xQ3jo4UQ7+wKIAFuD:7pNM9c5hlER9xA2QSXIA
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2