06fe15673d9bb5c13128a859df6a0abdafba84651d13932b35e1c96e02e1c4cd | Triage

Sharing

General

Target

fdec483245494bcb936b4357b2258701_JaffaCakes118
Size

98KB
Sample

240929-gn455svdpd
MD5

fdec483245494bcb936b4357b2258701
SHA1

26a551af6aa9f0ee2bfd2225f37fc3d620a8739e
SHA256

06fe15673d9bb5c13128a859df6a0abdafba84651d13932b35e1c96e02e1c4cd
SHA512

a2819ba43fabf1fd8c15c344c81f5cbecf63e6ecfb31472fa45acc54e0576241785563c0ad25e36bbe0dbff4318c4e384112d5154067ec3de654fe888d27efad
SSDEEP

3072:/0VMoIKDj0c0CJBecUYzlzrMvHU+aWGZL:cBGdY5ID

Score

7^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  fdec483245494bcb936b4357b2258701_JaffaCakes118
- Size
  
  98KB
- MD5
  
  fdec483245494bcb936b4357b2258701
- SHA1
  
  26a551af6aa9f0ee2bfd2225f37fc3d620a8739e
- SHA256
  
  06fe15673d9bb5c13128a859df6a0abdafba84651d13932b35e1c96e02e1c4cd
- SHA512
  
  a2819ba43fabf1fd8c15c344c81f5cbecf63e6ecfb31472fa45acc54e0576241785563c0ad25e36bbe0dbff4318c4e384112d5154067ec3de654fe888d27efad
- SSDEEP
  
  3072:/0VMoIKDj0c0CJBecUYzlzrMvHU+aWGZL:cBGdY5ID
Score

7^/10

discovery spyware stealer
- Deletes itself
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Credentials in Registry

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2