0db25c58d7e5ba120001e946c0b49d3cde121452a7a5133dbf2f4090d4c73202 | Triage

Sharing

General

Target

0fca29f7ac8e9d4150a9d618f3ba2d12_JaffaCakes118
Size

36KB
Sample

241003-vqtzvazglg
MD5

0fca29f7ac8e9d4150a9d618f3ba2d12
SHA1

f4fd5358bfa1e506704b63d42547c2c84ba58738
SHA256

0db25c58d7e5ba120001e946c0b49d3cde121452a7a5133dbf2f4090d4c73202
SHA512

d05600ceee9e1e231348db4a711c14f31cd969534ef9d1191a404112e3f7ac23ecec344e9c529ce4c63de0ed5d7ec110458cc5bee6f21fa516742acc290969b1
SSDEEP

768:0++jvgacEj862pdUupHCquylm7XI8/N0XpW9o:0bnyyupiquyg/l9o

Score

10^/10

credential_access discovery spyware stealer

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.drivehq.com
Port:
21
Username:
mama2009
Password:
ACET6rkC

Targets

- Target
  
  0fca29f7ac8e9d4150a9d618f3ba2d12_JaffaCakes118
- Size
  
  36KB
- MD5
  
  0fca29f7ac8e9d4150a9d618f3ba2d12
- SHA1
  
  f4fd5358bfa1e506704b63d42547c2c84ba58738
- SHA256
  
  0db25c58d7e5ba120001e946c0b49d3cde121452a7a5133dbf2f4090d4c73202
- SHA512
  
  d05600ceee9e1e231348db4a711c14f31cd969534ef9d1191a404112e3f7ac23ecec344e9c529ce4c63de0ed5d7ec110458cc5bee6f21fa516742acc290969b1
- SSDEEP
  
  768:0++jvgacEj862pdUupHCquylm7XI8/N0XpW9o:0bnyyupiquyg/l9o
Score

10^/10

credential_access discovery spyware stealer
- Executes dropped EXE
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

credential_accessdiscoveryspywarestealer

behavioral2