88e698ae3ec192e3af7d60cdc9afa7e22cdd2e5a412cec1b1051dc94e4d2a5ef | Triage

Submit
Reports

Overview

overview

9

Static

static

3

f0396d0e2c...18.exe

windows7-x64

9

f0396d0e2c...18.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

Target

f0396d0e2c4ab1031dce598633c4e763_JaffaCakes118
Size

636KB
Sample

240921-va5fmsseph
MD5

f0396d0e2c4ab1031dce598633c4e763
SHA1

d47381d10917162b2f4293e7360faff2efa2afe7
SHA256

88e698ae3ec192e3af7d60cdc9afa7e22cdd2e5a412cec1b1051dc94e4d2a5ef
SHA512

73480b1842e2b5106b951ccc66b324cad87a2c7677d162c9177ce4bb95559070b6645fb53b81bb170c48a6174b36104bfa233417ece91c281b75f8dba74fac04
SSDEEP

12288:6xAeFV4TULyn6WjrUpDLeswTzKuQ0Snf2ulV65CVJqP5:6D4T6ArU5Lo6Ou+uJqx

Score

9^/10

credential_access discovery persistence spyware stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f0396d0e2c4ab1031dce598633c4e763_JaffaCakes118.exe

Resource

win7-20240708-en

credential_access discovery persistence spyware stealer upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

f0396d0e2c4ab1031dce598633c4e763_JaffaCakes118.exe

Resource

win10v2004-20240802-en

credential_access discovery persistence spyware stealer upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  f0396d0e2c4ab1031dce598633c4e763_JaffaCakes118
- Size
  
  636KB
- MD5
  
  f0396d0e2c4ab1031dce598633c4e763
- SHA1
  
  d47381d10917162b2f4293e7360faff2efa2afe7
- SHA256
  
  88e698ae3ec192e3af7d60cdc9afa7e22cdd2e5a412cec1b1051dc94e4d2a5ef
- SHA512
  
  73480b1842e2b5106b951ccc66b324cad87a2c7677d162c9177ce4bb95559070b6645fb53b81bb170c48a6174b36104bfa233417ece91c281b75f8dba74fac04
- SSDEEP
  
  12288:6xAeFV4TULyn6WjrUpDLeswTzKuQ0Snf2ulV65CVJqP5:6D4T6ArU5Lo6Ou+uJqx
Score

9^/10

credential_access discovery persistence spyware stealer upx
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Credentials from Password Stores: Windows Credential Manager
  Suspicious access to Credentials History.
  credential_access stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Windows Credential Manager

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

credential_accessdiscoverypersistencespywarestealerupx

behavioral2

credential_accessdiscoverypersistencespywarestealerupx

© 2018-2025

Terms | Privacy