cf2b378ba224edfba1a4c65d209b4fd49e47c4a70ce0efd9ad9ff6115fac506f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d21aa8e8fdfa473b34b429362c3d8639_JaffaCakes118
Size

129KB
Sample

240907-rc5mmsxerr
MD5

d21aa8e8fdfa473b34b429362c3d8639
SHA1

7edd373bd9f2a4c58a2dc41d6f6b8e88da647faa
SHA256

cf2b378ba224edfba1a4c65d209b4fd49e47c4a70ce0efd9ad9ff6115fac506f
SHA512

2eab431019ea932df354cedeac640e5cc032b0003854004b75fe2c307a3a73b41fbec659c2db072505fa05ff1b8e965fb85dcf4af41bbd811dae26ec22f0bb9c
SSDEEP

3072:+kMyeFuWgjNpUk7fk38EycdeRI94+U6+bG3ZOD/x:KHvGNNfkMZcde2qf63UDJ

Score

9^/10

discovery spyware stealer upx

Malware Config

Targets

- Target
  
  ChromePass-v1.05/ChromePass.chm
- Size
  
  14KB
- MD5
  
  6a797f9ee04c8f5dbeaca662cde822e5
- SHA1
  
  a45fccf322baa77dc6811eeb5478d54deb29f7a1
- SHA256
  
  444170d3a339796d1faea28bac60387a63c2ca61eec9208822bf4a15ddeb8657
- SHA512
  
  f1edbb5b6ebe5af5a85828fedf19e7e7c102bf7a54fca308826608d2fc6908df920f86613b4d8e75a27854e980c3f9baaba1fba3319e23cf377b49b50feb2e5d
- SSDEEP
  
  192:zvugFmYxfHHHSZ4ZK9kYh+oRYkPHSTIoGbdSvaALqS:zvucdvn+iK9kYhn1PHSTIoj5
Score

1^/10
behavioral1 behavioral2
- Target
  
  ChromePass-v1.05/ChromePass.exe
- Size
  
  125KB
- MD5
  
  9b3b1c0db965166319469b2afa6c4f0c
- SHA1
  
  9f1e65a3056dff872949329c4e5e70c007cc5621
- SHA256
  
  dbfa10a7deeb6d1ac8fd95ffeb23b87adc58e6388e522812fabe7f710e3cdd89
- SHA512
  
  c11512599b83fa1875a67915a7e7454512ed8300a0a47c16692ebc1f526755c39c795fe9721dd97d417bfcb29f9e4c1f3283cf4c426af6571b3996005f7e4f5e
- SSDEEP
  
  3072:exjUcaPXQMR7j6gh2eG8ICpUMmere/8TyiG:IjUca5+gfpUOi
Score

9^/10

discovery spyware stealer upx
- Detected Nirsoft tools
  Free utilities often used by attackers which can steal passwords, product keys, etc.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3 behavioral4
- Target
  
  ChromePass-v1.05/新云软件.url
- Size
  
  133B
- MD5
  
  4f0017b3b346bd0626f0c3b915e6e734
- SHA1
  
  823bf3ff9e16cd636c9dc0dc690d6a586fcbfe92
- SHA256
  
  df65af1fc1e09f6effbde7e0ef1cb64d6caeef1f62b0e6467821efa032533678
- SHA512
  
  0f5eb5024cf6a0323f7998d419995a707c48de917a5899a185369e6acfeb17c09ffa03f7d110adc87b8de20b7d4bf30d50c72479bfb18614d2e21cbe169dc5a6
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

discoveryspywarestealerupx

behavioral4

discoveryspywarestealerupx

behavioral5

behavioral6