fafc6c80117a82cbeb7d666c57665f17a6c0fb45d7e4049f20e208eed9bb9cd8 | Triage

Sharing

General

Target

c16036545803321b48213298b9541254_JaffaCakes118
Size

127KB
Sample

240825-xm74ea1dml
MD5

c16036545803321b48213298b9541254
SHA1

1e76bb25e34b1a337979695df7fbd0cf5a277d1c
SHA256

fafc6c80117a82cbeb7d666c57665f17a6c0fb45d7e4049f20e208eed9bb9cd8
SHA512

8cf2cd13d4b84489a9e45bd7ee17e183580e78b8f500b555abb16bf84f7562ece20008d89b1183bd790de67fc31f3e882c314b23f8fa8abd86358bb299a20012
SSDEEP

3072:u+m1hcp6RL458+qD+T1LvY5KtiFWKzzFaw8cGw:u+m1epwTzkz8FW6vbt

Score

7^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  c16036545803321b48213298b9541254_JaffaCakes118
- Size
  
  127KB
- MD5
  
  c16036545803321b48213298b9541254
- SHA1
  
  1e76bb25e34b1a337979695df7fbd0cf5a277d1c
- SHA256
  
  fafc6c80117a82cbeb7d666c57665f17a6c0fb45d7e4049f20e208eed9bb9cd8
- SHA512
  
  8cf2cd13d4b84489a9e45bd7ee17e183580e78b8f500b555abb16bf84f7562ece20008d89b1183bd790de67fc31f3e882c314b23f8fa8abd86358bb299a20012
- SSDEEP
  
  3072:u+m1hcp6RL458+qD+T1LvY5KtiFWKzzFaw8cGw:u+m1epwTzkz8FW6vbt
Score

7^/10

discovery
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/NSISdl.dll
- Size
  
  37KB
- MD5
  
  491918a8925a32d5090f259bc14d8f04
- SHA1
  
  9e9a282e9c0c5dbdaf3762314450156b9b7ed565
- SHA256
  
  27fd61c4ffa7d6791e32cba030457540138ada91e06fa24e7040c5a42c5fa22f
- SHA512
  
  131b391065f575e3ee370d7096aff6d9825ee9f4ec37b413506f59f66acfe09f68f53ff3eb47ac62fb8575a76165833ff293ffe462f280453070161fa928558f
- SSDEEP
  
  768:Z85u4ZGOSOHm2v33BUis8fBzJ0xrkeQMogwREPgVv5+:Z8NGDOm2v33BTfj0xrLKEPgf+
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $TEMP/firefox.vbs
- Size
  
  1KB
- MD5
  
  7513b697b3e19834b490d790cbadffba
- SHA1
  
  e347c3e4cabd1fdc395f9652aeaabddc9b4e93c1
- SHA256
  
  f8253d735820824a0a46ec74512404dd89cd13dec098c03d0f2bb2f57dada4e5
- SHA512
  
  9bd12277609d015fdf16a763a306a3ed705af0865808856626b34fc602b5d2bce4977ea7e5f7048a73c1c8b7d895c202114f13882ee19ba7f7850415c0501b4a
Score

7^/10

spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6