49c07f5e4b8207337e7b8c4f2d25fe5331b7b015375d6f1d653531e6316bf459 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ab4046d0855ac7eae979261c2a6efd8e_JaffaCakes118
Size

181KB
Sample

240819-q1f4hs1ajr
MD5

ab4046d0855ac7eae979261c2a6efd8e
SHA1

cdbb3ec236becbb87bf7e602bc269ffd30529a56
SHA256

49c07f5e4b8207337e7b8c4f2d25fe5331b7b015375d6f1d653531e6316bf459
SHA512

0950299ba84aa1430f70f43ef6f84414a1d76349a6db6e3cc17bd23f5b93349080fbf6e5b21b7127badf6a95d2975eb269b5a779cd6b4e843703fbd67cf5df18
SSDEEP

3072:v71yHuRT4iUwFvJVNuWsQ5c1sBrKTN4O7UsciSiRX0ZYFmNDeE6JsbN:rRTTUcHns6cMKpGsBSiRummNDe

Score

7^/10

discovery persistence spyware stealer upx

Malware Config

Targets

- Target
  
  ab4046d0855ac7eae979261c2a6efd8e_JaffaCakes118
- Size
  
  181KB
- MD5
  
  ab4046d0855ac7eae979261c2a6efd8e
- SHA1
  
  cdbb3ec236becbb87bf7e602bc269ffd30529a56
- SHA256
  
  49c07f5e4b8207337e7b8c4f2d25fe5331b7b015375d6f1d653531e6316bf459
- SHA512
  
  0950299ba84aa1430f70f43ef6f84414a1d76349a6db6e3cc17bd23f5b93349080fbf6e5b21b7127badf6a95d2975eb269b5a779cd6b4e843703fbd67cf5df18
- SSDEEP
  
  3072:v71yHuRT4iUwFvJVNuWsQ5c1sBrKTN4O7UsciSiRX0ZYFmNDeE6JsbN:rRTTUcHns6cMKpGsBSiRummNDe
Score

7^/10

discovery persistence spyware stealer upx
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials in Registry

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealerupx

behavioral2