de5dd5037552ab87ca36fe6722088d4f7a3425d1e9ef7cb0b5ce6f5598dacb6f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fe3a3c785f3f6cbeec9205b2a7dbcc3b_JaffaCakes118
Size

80KB
Sample

240929-la6t2a1bka
MD5

fe3a3c785f3f6cbeec9205b2a7dbcc3b
SHA1

85d9bbb396d3a698e2597c5a937be4ff567f8a3c
SHA256

de5dd5037552ab87ca36fe6722088d4f7a3425d1e9ef7cb0b5ce6f5598dacb6f
SHA512

7a4b04ac8d09581f555c3d2ae94c98a7e5e21363d50dc773e8e5ffe4dd92c9abeca55989b83bce4b5c1ea79d9cf1fd969ac7889b8cf23a45103d7f34937af337
SSDEEP

1536:X/GUG+QX+HmHYSZqHx2nMdcmwkc21JUEbooPRrKKR:Xc+QXoQ/ZscnookL1JltZrpR

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  fe3a3c785f3f6cbeec9205b2a7dbcc3b_JaffaCakes118
- Size
  
  80KB
- MD5
  
  fe3a3c785f3f6cbeec9205b2a7dbcc3b
- SHA1
  
  85d9bbb396d3a698e2597c5a937be4ff567f8a3c
- SHA256
  
  de5dd5037552ab87ca36fe6722088d4f7a3425d1e9ef7cb0b5ce6f5598dacb6f
- SHA512
  
  7a4b04ac8d09581f555c3d2ae94c98a7e5e21363d50dc773e8e5ffe4dd92c9abeca55989b83bce4b5c1ea79d9cf1fd969ac7889b8cf23a45103d7f34937af337
- SSDEEP
  
  1536:X/GUG+QX+HmHYSZqHx2nMdcmwkc21JUEbooPRrKKR:Xc+QXoQ/ZscnookL1JltZrpR
Score

7^/10

spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2