Overview

overview

7

Static

static

3

afea9b3243...18.exe

windows7-x64

7

afea9b3243...18.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

  • Target

    afea9b324371190c7d1ffb723ebdfa4b_JaffaCakes118

  • Size

    124KB

  • Sample

    240820-tn54navgll

  • MD5

    afea9b324371190c7d1ffb723ebdfa4b

  • SHA1

    a3541e14651d7b2a0164e57a16d2f5da17facd60

  • SHA256

    c5bd97a8ee861bcf5fff4d6b6c124dd9595f696da398364ccb74473619f59ef2

  • SHA512

    6520c34959b8330e4d8f3c4b3d3e48f67e080fdec97b0c20ed2303fb181bd57d37e9fa4fbd8965f34f4c435403b1301be30f85265d881de336930d44665b0a42

  • SSDEEP

    3072:8xfFnZgyMlblEEvwgaIFzBglk3AWH2aa1P2gWL/dU:Sf5ZMEEV7il0AWHTCPI/dU

Score
7/10
discoverypersistencespywarestealerupx

Malware Config

Targets

    • Target

      afea9b324371190c7d1ffb723ebdfa4b_JaffaCakes118

    • Size

      124KB

    • MD5

      afea9b324371190c7d1ffb723ebdfa4b

    • SHA1

      a3541e14651d7b2a0164e57a16d2f5da17facd60

    • SHA256

      c5bd97a8ee861bcf5fff4d6b6c124dd9595f696da398364ccb74473619f59ef2

    • SHA512

      6520c34959b8330e4d8f3c4b3d3e48f67e080fdec97b0c20ed2303fb181bd57d37e9fa4fbd8965f34f4c435403b1301be30f85265d881de336930d44665b0a42

    • SSDEEP

      3072:8xfFnZgyMlblEEvwgaIFzBglk3AWH2aa1P2gWL/dU:Sf5ZMEEV7il0AWHTCPI/dU

    Score
    7/10
    discoverypersistencespywarestealerupx

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks