383fd31298da1ec7d5efdef007a6b2eace59ad58216dbeedc94f810c4649f5b3 | Triage

Sharing

General

Target

c127ee19fff71c0ae0510a45d59c9150_JaffaCakes118
Size

52KB
Sample

240825-t8jfdswaqj
MD5

c127ee19fff71c0ae0510a45d59c9150
SHA1

172ba4e19cd4bb6b7c8d58445c7ba454731feeb9
SHA256

383fd31298da1ec7d5efdef007a6b2eace59ad58216dbeedc94f810c4649f5b3
SHA512

d944844bf67b1c64cfba4bf7f85fcb90f27752b3d10d8139686bc648444c6a59c5c1787e5b0b4779d11f345e95d1b429d209a16efd36969e60eae687e3471f5c
SSDEEP

768:IDsgfMcJxlt0TYJkL8lPRygQNVeZhgDsyt2JRApWLYNeg:mspcgUJY8lPRyDNVeZhnyt2IpUg

Score

10^/10

discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  c127ee19fff71c0ae0510a45d59c9150_JaffaCakes118
- Size
  
  52KB
- MD5
  
  c127ee19fff71c0ae0510a45d59c9150
- SHA1
  
  172ba4e19cd4bb6b7c8d58445c7ba454731feeb9
- SHA256
  
  383fd31298da1ec7d5efdef007a6b2eace59ad58216dbeedc94f810c4649f5b3
- SHA512
  
  d944844bf67b1c64cfba4bf7f85fcb90f27752b3d10d8139686bc648444c6a59c5c1787e5b0b4779d11f345e95d1b429d209a16efd36969e60eae687e3471f5c
- SSDEEP
  
  768:IDsgfMcJxlt0TYJkL8lPRygQNVeZhgDsyt2JRApWLYNeg:mspcgUJY8lPRyDNVeZhnyt2IpUg
Score

10^/10

discovery persistence spyware stealer
- Modifies WinLogon for persistence
  persistence
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealer

behavioral2