e3b123ab1fcc11ede53d7bc05434a63160fc7832cec12631a55e8f04c152e78b | Triage

Sharing

General

Target

ab5d0d25b309a7f63fce048feaf59e2f_JaffaCakes118
Size

128KB
Sample

240819-rnp2bsyfkh
MD5

ab5d0d25b309a7f63fce048feaf59e2f
SHA1

fb44edd5a073d5f089c8b105e390bccd57380519
SHA256

e3b123ab1fcc11ede53d7bc05434a63160fc7832cec12631a55e8f04c152e78b
SHA512

1daa9bbfa1b2dada8c4157a7fe32c6517970d54a2f16392dad9e9459f7017d9597a257d0fd013680d3e54db7d91b5b08ef51a8d185597526b7fe52fc6fb370b7
SSDEEP

3072:j0/MimmNALxSKPt0eIAAK71LbVUrjXwqufSKPt0eIAAK71L:jiMi/aLxjdd1LbVUrbwtfjdd1L

Score

7^/10

credential_access discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  ab5d0d25b309a7f63fce048feaf59e2f_JaffaCakes118
- Size
  
  128KB
- MD5
  
  ab5d0d25b309a7f63fce048feaf59e2f
- SHA1
  
  fb44edd5a073d5f089c8b105e390bccd57380519
- SHA256
  
  e3b123ab1fcc11ede53d7bc05434a63160fc7832cec12631a55e8f04c152e78b
- SHA512
  
  1daa9bbfa1b2dada8c4157a7fe32c6517970d54a2f16392dad9e9459f7017d9597a257d0fd013680d3e54db7d91b5b08ef51a8d185597526b7fe52fc6fb370b7
- SSDEEP
  
  3072:j0/MimmNALxSKPt0eIAAK71LbVUrjXwqufSKPt0eIAAK71L:jiMi/aLxjdd1LbVUrbwtfjdd1L
Score

7^/10

credential_access discovery persistence spyware stealer
- Credentials from Password Stores: Windows Credential Manager
  Suspicious access to Credentials History.
  credential_access stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Windows Credential Manager

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

credential_accessdiscoverypersistencespywarestealer

behavioral2

credential_accessdiscoverypersistencespywarestealer