a29db08adf5c7f5903dacc1bdfa4e328d723b38904739ef42c3f082e6f77a916 | Triage

Sharing

General

Target

b1a7cd83d4b8ff36d5fbd263c074746d_JaffaCakes118
Size

5.9MB
Sample

240821-b129estene
MD5

b1a7cd83d4b8ff36d5fbd263c074746d
SHA1

45de7bf5c5e4503738743f7205b9e9fdfa197dca
SHA256

a29db08adf5c7f5903dacc1bdfa4e328d723b38904739ef42c3f082e6f77a916
SHA512

b515399b72c0ad393f44d29bf9e51fe6f8fe579c09084a89b3d5acd22ab1929dc84e47781c1873fb1f7e3370383106c4d1cd0d2d5c405cdc3e3f049e9cd3cc58
SSDEEP

98304:Ztvq763VQWJuhswoYv5eONVMSVlnsfGm2ceemmZqAZ8a+t1Twee5avbZc+L23ZqT:ZQ7cuWJysVYvsO4knseOeehZqAqa+3T/

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  b1a7cd83d4b8ff36d5fbd263c074746d_JaffaCakes118
- Size
  
  5.9MB
- MD5
  
  b1a7cd83d4b8ff36d5fbd263c074746d
- SHA1
  
  45de7bf5c5e4503738743f7205b9e9fdfa197dca
- SHA256
  
  a29db08adf5c7f5903dacc1bdfa4e328d723b38904739ef42c3f082e6f77a916
- SHA512
  
  b515399b72c0ad393f44d29bf9e51fe6f8fe579c09084a89b3d5acd22ab1929dc84e47781c1873fb1f7e3370383106c4d1cd0d2d5c405cdc3e3f049e9cd3cc58
- SSDEEP
  
  98304:Ztvq763VQWJuhswoYv5eONVMSVlnsfGm2ceemmZqAZ8a+t1Twee5avbZc+L23ZqT:ZQ7cuWJysVYvsO4knseOeehZqAqa+3T/
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2