General

  • Target

    ce47757b9b3cfae1dd52274839ba0edb_JaffaCakes118

  • Size

    676KB

  • Sample

    240906-a73yvsxbnr

  • MD5

    ce47757b9b3cfae1dd52274839ba0edb

  • SHA1

    25a0f486ad40a6300a3557cf2f5e597bae44871d

  • SHA256

    f07510c708b00e7e0bcc78ed8e3a7c4d33eafc9968be24648cfcacfa2034ef24

  • SHA512

    17bd3a995024362b7a23d9b509b925f4fa8220503b2026670a6d1f64d3b8c779f5efa4b08ba05d6bb88f15edcf8b3890485ea5e006c374be3c2960fb93bf9529

  • SSDEEP

    12288:YzcRD02J4Sq2vHGB67KWKKmDN4Y9x+79qV+VM8Sehc0y+FCb:CcRToImoArX0MjD+FA

Malware Config

Targets

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser profile data such as saved credentials, cookies and session tokens; the read is a strong indicator when it comes from a dropped, packed executable rather than the browser itself.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build. A modified build that renames the UPX0/UPX1 sections will not unpack with stock `upx -d`, so treat the detection as "packed, possibly tampered" rather than trivially reversible.

    • Adds Run key to start application

      Persistence via a value under HKCU or HKLM \Software\Microsoft\Windows\CurrentVersion\Run, which Windows launches at user logon; check both hives when triaging.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

      SetThreadContext is legitimate for debuggers, but when a sample calls it on another process's thread (typically after unmapping that process's image) it is redirecting execution into injected code, the classic process-hollowing sequence.

MITRE ATT&CK Enterprise v15
