General

  • Target

    bf2d53b312096b636e36ac355a58ac54_JaffaCakes118

  • Size

    1.0MB

  • Sample

    240824-wq19lasgjf

  • MD5

    bf2d53b312096b636e36ac355a58ac54

  • SHA1

    c423cd54fb2f5403348d726f66598166f66ec8c0

  • SHA256

    465fa1ef371d230331fa4cf90e861ff344903eb34b05eebe959b7006f94bfd91

  • SHA512

    abb6953cb06fe58df7178e6e5c52d59837029ef68e930bc95b1d295ee38c993bd35ac779c2d452c739149323258564a4b7fa02a91a4d971dd4edc268636c88a9

  • SSDEEP

    3072:tZWe52j1Nwm/p/1GIyMcY2ZmF0dah963aY:/9o1NVp/GY2Zvdahcq

Malware Config

Targets

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks