a3550de7b1a3d46a4169924cec4589881992dedb034c04b69731c98f4d4cebb1 | Triage

Submit
Reports

Overview

overview

7

Static

static

7

c9490f91a0...18.exe

windows7-x64

7

c9490f91a0...18.exe

windows10-2004-x64

7

Sharing

General

Target

c9490f91a0923a0150057c72416bd39a_JaffaCakes118
Size

490KB
Sample

240829-v3kxpssgpe
MD5

c9490f91a0923a0150057c72416bd39a
SHA1

c25da107f4ffe183403e0ed251bdf3601edd5452
SHA256

a3550de7b1a3d46a4169924cec4589881992dedb034c04b69731c98f4d4cebb1
SHA512

7d65b0bcdd44fb81211221da99eb76251c872c609d69a7f98dd3c3d129ee12548adfa0e705710709198f399ccac4b23364b7259a71d41b90953d71d659217467
SSDEEP

12288:JWDq1hZKh8CpayR3FJOK/4xnGKYfKKD08u2Cx8KoXkoS:JWDqlx6Vl4xnJYfTgn2Cx2

Score

7^/10

credential_access discovery spyware stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

c9490f91a0923a0150057c72416bd39a_JaffaCakes118.exe

Resource

win7-20240704-en

credential_access discovery spyware stealer upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

c9490f91a0923a0150057c72416bd39a_JaffaCakes118.exe

Resource

win10v2004-20240802-en

credential_access discovery spyware stealer upx

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  c9490f91a0923a0150057c72416bd39a_JaffaCakes118
- Size
  
  490KB
- MD5
  
  c9490f91a0923a0150057c72416bd39a
- SHA1
  
  c25da107f4ffe183403e0ed251bdf3601edd5452
- SHA256
  
  a3550de7b1a3d46a4169924cec4589881992dedb034c04b69731c98f4d4cebb1
- SHA512
  
  7d65b0bcdd44fb81211221da99eb76251c872c609d69a7f98dd3c3d129ee12548adfa0e705710709198f399ccac4b23364b7259a71d41b90953d71d659217467
- SSDEEP
  
  12288:JWDq1hZKh8CpayR3FJOK/4xnGKYfKKD08u2Cx8KoXkoS:JWDqlx6Vl4xnJYfTgn2Cx2
Score

7^/10

credential_access discovery spyware stealer upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

credential_accessdiscoveryspywarestealerupx

behavioral2

credential_accessdiscoveryspywarestealerupx

© 2018-2025

Terms | Privacy