ff84debf89667401917afbd343c19b875f4bb5c30a12f371bc0990174ba55fbe | Triage

Sharing

General

Target

10eafc1d774a0871d91c4ab7015e2b8b_JaffaCakes118
Size

128KB
Sample

241003-3jce8aserl
MD5

10eafc1d774a0871d91c4ab7015e2b8b
SHA1

6006651553c049e22050f34d5269ae492c57761f
SHA256

ff84debf89667401917afbd343c19b875f4bb5c30a12f371bc0990174ba55fbe
SHA512

b370afd0c329ef9d582ba5231133f2e2457eb292b23e8f1f943da921fa04d9e2c76bca3154f16e8612aea0258fec12849ef9f5114c3ab635736f242ad8a1fc8b
SSDEEP

3072:qtQqgIP+wHKPhWT5PZ2pM/oymvWpf+wHKPhW:qtQq7GwH/T5p/0vMWwH/

Score

7^/10

credential_access discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  10eafc1d774a0871d91c4ab7015e2b8b_JaffaCakes118
- Size
  
  128KB
- MD5
  
  10eafc1d774a0871d91c4ab7015e2b8b
- SHA1
  
  6006651553c049e22050f34d5269ae492c57761f
- SHA256
  
  ff84debf89667401917afbd343c19b875f4bb5c30a12f371bc0990174ba55fbe
- SHA512
  
  b370afd0c329ef9d582ba5231133f2e2457eb292b23e8f1f943da921fa04d9e2c76bca3154f16e8612aea0258fec12849ef9f5114c3ab635736f242ad8a1fc8b
- SSDEEP
  
  3072:qtQqgIP+wHKPhWT5PZ2pM/oymvWpf+wHKPhW:qtQq7GwH/T5p/0vMWwH/
Score

7^/10

credential_access discovery persistence spyware stealer
- Credentials from Password Stores: Windows Credential Manager
  Suspicious access to Credentials History.
  credential_access stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Windows Credential Manager

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

credential_accessdiscoverypersistencespywarestealer

behavioral2

credential_accessdiscoverypersistencespywarestealer