General

  • Target

    b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118

  • Size

    184KB

  • Sample

    240822-rg5s7s1dnh

  • MD5

    b7f1cc7f4b863115adf96e6d4e8acef1

  • SHA1

    263f6475177fdce713846d732cd225113374ec32

  • SHA256

    89d9737c7ac59672fd6b103d39fc0ba08a1077496758401e88fabc29baee9253

  • SHA512

    d8cd989af8b80ad8d1929fad9a5da1053da9947d219db3b0a3602397cde048825a79ef4d3618e6b3b87270d63745d16621bc82ca85b615fdf4b9ea8629fe2099

  • SSDEEP

    3072:hQ4DTiTdU5+bbIg35hsQubK2izo8iDDGETdp1r0ghriYzkeM6h+AG4A1cByVhHgS:u4DTNWphkDdfHimzQVtgbxDkt

Malware Config

Targets

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks