General

  • Target

    bcf0a7afaf53ff6ad5ae12c59d5946e8_JaffaCakes118

  • Size

    200KB

  • Sample

    240823-ymhn7ashqa

  • MD5

    bcf0a7afaf53ff6ad5ae12c59d5946e8

  • SHA1

    87b63bdc8e1b8da9bc2741e6586f1dd30213af5a

  • SHA256

    cd5b2da92050906e0654dc494768eaadf6bc9d70735ab9ac12b55022639ae028

  • SHA512

    27fb06ba0476ac6754d02ab33a71ec8cb70d91534ce82de1ddff463ac222052600d1baca9b898a7160895830b3f286358c9610f378339359590f2702a986d620

  • SSDEEP

    3072:XiuCpL66SuKvmpw0orsVTqabyxXG9jP/8DtLZiV0:XiuCwVh+QQ9qvKb/8Dq

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.drivehq.com
  • Port:
    21
  • Username:
    derro
  • Password:
    ekim33

Targets

    • Target

      bcf0a7afaf53ff6ad5ae12c59d5946e8_JaffaCakes118

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check before the stealer runs.

    • Executes dropped EXE

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files on disk (ATT&CK T1552.001).

    • Adds Run key to start application
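
As an added example (not part of this sandbox report and not the sample's own code), the following Python script replays a constructed, Procmon-style event stream against the behaviours listed above and against the extracted FTP drop account. The registry key, file paths, event field names and the sample transcript are assumptions chosen as typical artefacts for these signatures, not values observed for this sample; the only report-derived values are the extracted host, port, username and password. It also shows why the sandbox could recover the credentials verbatim: FTP sends USER and PASS in the clear.

```python
import re

# Drop account as extracted by the sandbox: plaintext FTP on port 21.
EXTRACTED_FTP = {"host": "ftp.drivehq.com", "port": 21,
                 "user": "derro", "password": "ekim33"}

# Assumed artefact patterns (typical for these signatures; the report does not
# list the concrete keys or files this sample touched).
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\[^\\]+$", re.I)
FTP_CLIENT_FILE = re.compile(r"\\FileZilla\\(sitemanager|recentservers)\.xml$", re.I)
MESSENGER_FILE = re.compile(r"\\\.purple\\accounts\.xml$", re.I)   # Pidgin, as one example
FTP_CMD = re.compile(r"^(USER|PASS)\s+(.*)$", re.I)


def extract_ftp_logins(control_channel: str) -> list[dict]:
    """Recover USER/PASS pairs from a plaintext FTP control-channel transcript.

    Server replies start with a three-digit code and never match FTP_CMD, so a
    mixed client/server transcript can be fed in as-is. A PASS without a
    preceding USER is ignored.
    """
    logins, pending_user = [], None
    for raw in control_channel.splitlines():
        m = FTP_CMD.match(raw.strip())
        if not m:
            continue
        verb, arg = m.group(1).upper(), m.group(2)
        if verb == "USER":
            pending_user = arg
        elif pending_user is not None:            # PASS following a USER
            logins.append({"user": pending_user, "password": arg})
            pending_user = None
    return logins


def triage(events: list[dict]) -> set[str]:
    """Return the report signatures (plus IOC matches) that fire on an event list."""
    fired, dropped = set(), set()
    for ev in events:
        op, path = ev.get("op"), ev.get("path", "")
        if op == "WriteFile" and path.lower().endswith(".exe"):
            dropped.add(path.lower())             # remember files the sample wrote
        elif op == "ProcessCreate" and ev.get("image", "").lower() in dropped:
            fired.add("Executes dropped EXE")
        elif op == "RegQueryValue" and GEO_KEY.search(path):
            fired.add("Checks computer location settings")
        elif op == "RegSetValue" and RUN_KEY.search(path):
            fired.add("Adds Run key to start application")
        elif op == "CreateFile" and FTP_CLIENT_FILE.search(path):
            fired.add("Reads data files stored by FTP clients")
            fired.add("Unsecured Credentials: Credentials In Files")
        elif op == "CreateFile" and MESSENGER_FILE.search(path):
            fired.add("Reads local data of messenger clients")
        elif (op == "TcpSend" and ev.get("dst_host") == EXTRACTED_FTP["host"]
              and ev.get("dst_port") == EXTRACTED_FTP["port"]):
            fired.add("Connects to extracted FTP host")
            for login in extract_ftp_logins(ev.get("data", "")):
                if (login["user"], login["password"]) == (EXTRACTED_FTP["user"],
                                                          EXTRACTED_FTP["password"]):
                    fired.add("Logs in with extracted FTP credentials")
    return fired


# Constructed event stream (not from the sandbox) in a Procmon-like shape.
SAMPLE_EVENTS = [
    {"op": "RegQueryValue", "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"op": "CreateFile", "path": r"C:\Users\victim\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"op": "CreateFile", "path": r"C:\Users\victim\AppData\Roaming\.purple\accounts.xml"},
    {"op": "WriteFile", "path": r"C:\Users\victim\AppData\Local\Temp\update.exe"},
    {"op": "ProcessCreate", "image": r"C:\Users\victim\AppData\Local\Temp\update.exe"},
    {"op": "RegSetValue", "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"op": "TcpSend", "dst_host": "ftp.drivehq.com", "dst_port": 21,
     "data": "220 Service ready\r\nUSER derro\r\n331 Password required\r\n"
             "PASS ekim33\r\n230 Logged in\r\n"},
]

if __name__ == "__main__":
    for sig in sorted(triage(SAMPLE_EVENTS)):
        print(sig)
```

The Run-key and credential-file matches are the ones worth turning into host detections; the FTP match is only useful as long as the drop account stays the same, so treat the host/port pair as the durable network indicator and the username as a weaker, sample-specific one.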

MITRE ATT&CK Enterprise v15

Tasks