ef06c37be8d29211b0f56b16e3a8e49f981a52ca09d8bebd885bce15ae405519 | Triage

Sharing

General

Target

jjsploit 2.0.rar
Size

40.6MB
Sample

240919-dykbyayckb
MD5

38cbb7761bac07ba680222d4350285be
SHA1

b919b445c759c866a5ab1ba7c60cf2f1b2187f9e
SHA256

ef06c37be8d29211b0f56b16e3a8e49f981a52ca09d8bebd885bce15ae405519
SHA512

a3e7eb68d3b64fd13f859056001271a276824985054b9cc204454abd11b077945044111591657db932cbde9f870fd6ac25c153c33a44f6b6f29c1f090d55166b
SSDEEP

786432:Vj2ci6OU8VA/LNnL44vrp8KeQZ/tLr6FplNUk1eVyqSHhsNMrs8VfK5q2:VQC1Llv9e+sFplNt1ecP0q2

Score

9^/10

credential_access discovery pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  JJSploit 2.0/injector.exe
- Size
  
  35.0MB
- MD5
  
  3c2d8bd59374804ded1b20e166f96ac8
- SHA1
  
  f8c1cc60870020c1c32d207f82d8433abff0dcdd
- SHA256
  
  bd71e7d1996bd54827f8423347da84996d4d9c1c98ac63cebc6ec3b964b6d87c
- SHA512
  
  d91f234b9c592139b009e1efe4763ff3f21c2ded6e184aef234ef1fc093bf08dc9323dc2aa18d64b321ed829e2f29818a81a46e7fade3f03e81393e2b312e1e4
- SSDEEP
  
  786432:w5jEiYQFQ1QtIJ2j6+s7LWB75zuXVgICuAUI/KH/59MvLwAwWQvJO:PizciIJ2qHWB75ilsZhOSezx
Score

9^/10

credential_access discovery spyware stealer
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  creal.pyc
- Size
  
  76KB
- MD5
  
  fcd494f9797d27908e665993ba552d14
- SHA1
  
  3587096445e2a419f51e4a9bfeda736e95bf3589
- SHA256
  
  23814d7a8df0dc35fe69d0e7d07e13d44c79fed2f39ac92c4cee8323a56de038
- SHA512
  
  ad94651c0d7802fe6097ec5a2f2d22373a40db13122fe9d8403b868250dfaf0e774d35fc3fa360c795cda51f5ea4e1cda522c522888814b994d4450ee44b4b50
- SSDEEP
  
  1536:KLKOqK/SWSRjsJlflX2Is89RaJ+InaYJEuN6RKer:KhqFi2Is8qjxJJN6Rn
Score

3^/10
behavioral3 behavioral4
- Target
  
  JJSploit 2.0/jjsploit.exe
- Size
  
  6.7MB
- MD5
  
  64034cf10727ac2bd2fa758f61b2047e
- SHA1
  
  63c1d7b0c1b771221edbe7692d19db39f5f8bcc8
- SHA256
  
  65531d0f177965c67cac7ab71bed0b233d1011f07b3ecd2648a5dea797c7dd6a
- SHA512
  
  711ecd77199fc3a8ac01dc348cb5cd943eb705966e9b874bae0bce8f8f4d3fa0c312e0728e257e6f5371d38dc572255fd4d348e900ebb29fe3ebec98dfecdd3f
- SSDEEP
  
  98304:8s/8JAErJVpjA1h9eT393YigJhH0y3T+q2M51Y7uRlXgVLRuq97TgJK/kWx+:8s/utJA1HeT39Iig7auDXURuATl/d
Score

7^/10
- Loads dropped DLL
behavioral5 behavioral6
- Target
  
  jjsploit.pyc
- Size
  
  3KB
- MD5
  
  3c643209234ce1e0c90d23cb50a18366
- SHA1
  
  6f48eba6d5bf5cc21f1d96da669796f28816b18d
- SHA256
  
  912e22874254ef076657fc10291dba0d16980f932f4b106c1ede2bc498b82b3d
- SHA512
  
  6538e0fb20a5cbddced8d96f65d2579207a4ea93d958723e1a8686fe5a2e538a5a009c5adec734775406a0611c74d49a6472d71e69ee5d2873c4475c643813d1
Score

3^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

credential_accessdiscoveryspywarestealer

behavioral2

credential_accessdiscoveryspywarestealer

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8