071e026bd884b407af05f678476dc5932d3a9b18954bc72ed3036a340baacf47 | Triage

Submit
Reports

Overview

overview

9

Static

static

3

ebcb702be3...18.exe

windows7-x64

9

ebcb702be3...18.exe

windows10-2004-x64

9

Sharing

General

Target

ebcb702be3483e4d11c30f7723037803_JaffaCakes118
Size

2.4MB
Sample

240919-vj1h2szfrm
MD5

ebcb702be3483e4d11c30f7723037803
SHA1

cf6f80e658e014a709367f1b7df1603ae414f3df
SHA256

071e026bd884b407af05f678476dc5932d3a9b18954bc72ed3036a340baacf47
SHA512

402100f4b31b42d0e691b7fb587e1830b24bf808a726ca510a6e8b6c3ac62aa11ab5821c90616f5848867868de8cca7be21251ac8952dfe45ebb3769aca6fe2e
SSDEEP

49152:jvH6YJufgovZJpkNUgPdVLFwB0Pt5ov6+fCK6:jvH6YQ3Jp+dVLDt5oh/6

Score

9^/10

collection discovery upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ebcb702be3483e4d11c30f7723037803_JaffaCakes118.exe

Resource

win7-20240708-en

collection discovery upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

ebcb702be3483e4d11c30f7723037803_JaffaCakes118.exe

Resource

win10v2004-20240802-en

collection discovery upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  ebcb702be3483e4d11c30f7723037803_JaffaCakes118
- Size
  
  2.4MB
- MD5
  
  ebcb702be3483e4d11c30f7723037803
- SHA1
  
  cf6f80e658e014a709367f1b7df1603ae414f3df
- SHA256
  
  071e026bd884b407af05f678476dc5932d3a9b18954bc72ed3036a340baacf47
- SHA512
  
  402100f4b31b42d0e691b7fb587e1830b24bf808a726ca510a6e8b6c3ac62aa11ab5821c90616f5848867868de8cca7be21251ac8952dfe45ebb3769aca6fe2e
- SSDEEP
  
  49152:jvH6YJufgovZJpkNUgPdVLFwB0Pt5ov6+fCK6:jvH6YQ3Jp+dVLDt5oh/6
Score

9^/10

collection discovery upx
- Detected Nirsoft tools
  Free utilities often used by attackers which can steal passwords, product keys, etc.
- NirSoft MailPassView
  Password recovery tool for various email clients
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses Microsoft Outlook accounts
  collection
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

collectiondiscoveryupx

behavioral2

collectiondiscoveryupx

© 2018-2024

Terms | Privacy