437b6da49c8eeb230154d85eb5245dbdfbc32e4261c9937c55aa7c89b3e6692f | Triage

Sharing

General

Target

bdb245992acd5b1f150c857380da3008_JaffaCakes118
Size

499KB
Sample

240824-bbef3axaqg
MD5

bdb245992acd5b1f150c857380da3008
SHA1

9085bc32780536d7794b5d5639516da1be743456
SHA256

437b6da49c8eeb230154d85eb5245dbdfbc32e4261c9937c55aa7c89b3e6692f
SHA512

ae6e940003088a42575a28cf97fe49cd7f05be8e3f97eff54977c75700bdd8fb6e9ae3a8856833795333152965ffa2a5d088be2ba6048cefc539b81682af0dac
SSDEEP

6144:b0+nkbu3mjQDF6/M93xn3N93gLyLRTG1Bvd9EqSZo:Kcw/Sx33gLyLRKBsqSC

Score

7^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  bdb245992acd5b1f150c857380da3008_JaffaCakes118
- Size
  
  499KB
- MD5
  
  bdb245992acd5b1f150c857380da3008
- SHA1
  
  9085bc32780536d7794b5d5639516da1be743456
- SHA256
  
  437b6da49c8eeb230154d85eb5245dbdfbc32e4261c9937c55aa7c89b3e6692f
- SHA512
  
  ae6e940003088a42575a28cf97fe49cd7f05be8e3f97eff54977c75700bdd8fb6e9ae3a8856833795333152965ffa2a5d088be2ba6048cefc539b81682af0dac
- SSDEEP
  
  6144:b0+nkbu3mjQDF6/M93xn3N93gLyLRTG1Bvd9EqSZo:Kcw/Sx33gLyLRKBsqSC
Score

7^/10

discovery spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer