7896cbbec89f6f79883a877a25aceeb9c6f0401601ffd1411c0849b150c661b4 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

bc4d0ad6d3...18.exe

windows7-x64

7

bc4d0ad6d3...18.exe

windows10-2004-x64

7

Sharing

General

Target

bc4d0ad6d35b5f7696aaa117265815da_JaffaCakes118
Size

6.5MB
Sample

240823-stxh2ascmc
MD5

bc4d0ad6d35b5f7696aaa117265815da
SHA1

f3b021f45f1e54e5826579dc797d9d3004d2fb4a
SHA256

7896cbbec89f6f79883a877a25aceeb9c6f0401601ffd1411c0849b150c661b4
SHA512

b732f02b5ebdba430805cdbad99df628221027657aaef80bc2c290aca7ef881e67292d0afdb7d6b697774484757868f69e898a02451e6bc5a41d9963172a1c8f
SSDEEP

196608:lLAjOEDzxiTh4vJSSZkU0STmtiamai/aH4pW:lLAKko4zDPai/k4pW

Score

7^/10

discovery pyinstaller spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

bc4d0ad6d35b5f7696aaa117265815da_JaffaCakes118.exe

Resource

win7-20240729-en

discovery pyinstaller spyware stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

bc4d0ad6d35b5f7696aaa117265815da_JaffaCakes118.exe

Resource

win10v2004-20240802-en

discovery pyinstaller spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  bc4d0ad6d35b5f7696aaa117265815da_JaffaCakes118
- Size
  
  6.5MB
- MD5
  
  bc4d0ad6d35b5f7696aaa117265815da
- SHA1
  
  f3b021f45f1e54e5826579dc797d9d3004d2fb4a
- SHA256
  
  7896cbbec89f6f79883a877a25aceeb9c6f0401601ffd1411c0849b150c661b4
- SHA512
  
  b732f02b5ebdba430805cdbad99df628221027657aaef80bc2c290aca7ef881e67292d0afdb7d6b697774484757868f69e898a02451e6bc5a41d9963172a1c8f
- SSDEEP
  
  196608:lLAjOEDzxiTh4vJSSZkU0STmtiamai/aH4pW:lLAKko4zDPai/k4pW
Score

7^/10

discovery pyinstaller spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypyinstallerspywarestealer

behavioral2

discoverypyinstallerspywarestealer

© 2018-2025

Terms | Privacy