2c05eb2fbfac8f4079e8a5d12bc13eae0674c7f6b1d0dd14fc355dbee90b0ed6 | Triage

Submit
Reports

Overview

overview

7

Static

static

5

083868b5ee...18.exe

windows7-x64

7

083868b5ee...18.exe

windows10-2004-x64

7

Sharing

General

Target

083868b5ee6b6b61fd6434a22831565a_JaffaCakes118
Size

253KB
Sample

241002-bpbx4atekc
MD5

083868b5ee6b6b61fd6434a22831565a
SHA1

a68875f94239efa3f9e5ca4deb48054d401c50b8
SHA256

2c05eb2fbfac8f4079e8a5d12bc13eae0674c7f6b1d0dd14fc355dbee90b0ed6
SHA512

37d8736150e724e1b355cc04551af8cf879b8991946cdf342b2f2cbed82e96aabfd11e9f4f58263a2db13513f3b9365c6971ab261454e3955ff5e1a579073437
SSDEEP

3072:vjr5ELbGnzi+aoJjr5ELbGnzi+aoTYMTnMPgPvCYJ1pqXnNGxPD156EEC:BhXaKhXaPsvCYJ1pqXNCZ5TD

Score

7^/10

discovery persistence spyware stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

083868b5ee6b6b61fd6434a22831565a_JaffaCakes118.exe

Resource

win7-20240903-en

discovery persistence spyware stealer upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

083868b5ee6b6b61fd6434a22831565a_JaffaCakes118.exe

Resource

win10v2004-20240802-en

discovery persistence spyware stealer upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  083868b5ee6b6b61fd6434a22831565a_JaffaCakes118
- Size
  
  253KB
- MD5
  
  083868b5ee6b6b61fd6434a22831565a
- SHA1
  
  a68875f94239efa3f9e5ca4deb48054d401c50b8
- SHA256
  
  2c05eb2fbfac8f4079e8a5d12bc13eae0674c7f6b1d0dd14fc355dbee90b0ed6
- SHA512
  
  37d8736150e724e1b355cc04551af8cf879b8991946cdf342b2f2cbed82e96aabfd11e9f4f58263a2db13513f3b9365c6971ab261454e3955ff5e1a579073437
- SSDEEP
  
  3072:vjr5ELbGnzi+aoJjr5ELbGnzi+aoTYMTnMPgPvCYJ1pqXnNGxPD156EEC:BhXaKhXaPsvCYJ1pqXNCZ5TD
Score

7^/10

discovery persistence spyware stealer upx
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealerupx

behavioral2

discoverypersistencespywarestealerupx

© 2018-2024

Terms | Privacy