General

  • Target

    f002bf28f8af3bd6ca14f25f002b5b5a_JaffaCakes118

  • Size

    366KB

  • Sample

    240921-rz1bfaxckg

  • MD5

    f002bf28f8af3bd6ca14f25f002b5b5a

  • SHA1

    b626e1e77bc2d474a63e3f1873e0ded2d5f07b24

  • SHA256

    9ba560fb26213c307fe1940e9918e0a57d160122c0e4e1531bf4a8f5392bc5ed

  • SHA512

    ceaf4816c2a11fad031c83e8c003e6dc7f6cf855d0f94c9940bb9c0f7ed2f55b830a3833f4eaf75830d8cdc70f95f60637c68027cf68014e6320949a5d2670e6

  • SSDEEP

    6144:YCZ/3sHw0Ecywu3fY+0APPTybbasvDIepNMSqZxXXeWm60yDOrOY+Hk:YMUHTyHrPPTybb5vDFFq8uLk

Malware Config

Targets

    • Target

      f002bf28f8af3bd6ca14f25f002b5b5a_JaffaCakes118

    • Drops file in Drivers directory

    • Deletes itself

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile contents.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks