6cdbd15cbc340af22cc896d0dc657e5785f2a94c0100884f1fbde99da262d080 | Triage

Sharing

General

Target

ba7e930b881802426130091e9e2bb47b_JaffaCakes118
Size

63KB
Sample

240823-fytaysxbja
MD5

ba7e930b881802426130091e9e2bb47b
SHA1

0168435f862d6a83f90c596c66e682b3df47d82c
SHA256

6cdbd15cbc340af22cc896d0dc657e5785f2a94c0100884f1fbde99da262d080
SHA512

e4e213e4ac5ba3e6fcc60924fc679a90522c7a3b9ae0efa85b9068937df9ad97f9ad01f5e455c41d8c0065e10f912e1a4bb67f60578fa002d1f9f152caed5338
SSDEEP

768:15eSeLnPvcjG1af/m612G0BJXIQ9E40QgnfseaYbj9f7XTQ94gXh:15lwvqcaf/m9JYLnfH5bjZLTQqUh

Score

7^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  ba7e930b881802426130091e9e2bb47b_JaffaCakes118
- Size
  
  63KB
- MD5
  
  ba7e930b881802426130091e9e2bb47b
- SHA1
  
  0168435f862d6a83f90c596c66e682b3df47d82c
- SHA256
  
  6cdbd15cbc340af22cc896d0dc657e5785f2a94c0100884f1fbde99da262d080
- SHA512
  
  e4e213e4ac5ba3e6fcc60924fc679a90522c7a3b9ae0efa85b9068937df9ad97f9ad01f5e455c41d8c0065e10f912e1a4bb67f60578fa002d1f9f152caed5338
- SSDEEP
  
  768:15eSeLnPvcjG1af/m612G0BJXIQ9E40QgnfseaYbj9f7XTQ94gXh:15lwvqcaf/m9JYLnfH5bjZLTQqUh
Score

7^/10

discovery spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer