Overview

overview

7

Static

static

3

ab7097964d...18.exe

windows7-x64

7

ab7097964d...18.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ab7097964d089e14d31be680156d7abb_JaffaCakes118

  • Size

    324KB

  • Sample

    240819-r4845szeph

  • MD5

    ab7097964d089e14d31be680156d7abb

  • SHA1

    4d895c64144498b0a0427398b6be3d91f1edd152

  • SHA256

    29af67dcd18f256e50337aab8f1ec1b6a62b0e455aefcbb3f48e1e8531a605ac

  • SHA512

    55e7c46ac9c98458754ef9a4d797b500954560a7eaceba3a42063367a078ae0ec2ff3091a6524fbf97987cc260f3e0b7425333dee3265ebbc3f447005a60f2c6

  • SSDEEP

    6144:ZcN9GQKvPKlyfptBr6XSmNNpvtTdIKLKW/noR07K08RHw6Rm:ZcNdKnKlyx7yHF5dB/nF7HtK

Score
7/10
discoverypersistencespywarestealer

Malware Config

Targets

    • Target

      ab7097964d089e14d31be680156d7abb_JaffaCakes118

    • Size

      324KB

    • MD5

      ab7097964d089e14d31be680156d7abb

    • SHA1

      4d895c64144498b0a0427398b6be3d91f1edd152

    • SHA256

      29af67dcd18f256e50337aab8f1ec1b6a62b0e455aefcbb3f48e1e8531a605ac

    • SHA512

      55e7c46ac9c98458754ef9a4d797b500954560a7eaceba3a42063367a078ae0ec2ff3091a6524fbf97987cc260f3e0b7425333dee3265ebbc3f447005a60f2c6

    • SSDEEP

      6144:ZcN9GQKvPKlyfptBr6XSmNNpvtTdIKLKW/noR07K08RHw6Rm:ZcNdKnKlyx7yHF5dB/nF7HtK

    Score
    7/10
    discoverypersistencespywarestealer

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks