Extracted

• • Target

    1252c8d9d8101cba82ac58077b236ed9_JaffaCakes118

  • Size

    743KB

  • MD5

    1252c8d9d8101cba82ac58077b236ed9

  • SHA1

    93088b414ed2c0f76085eaedf177340db2179e16

  • SHA256

    b4fe448064bd73c7c3d3d6e594fda0c29d59bbfc09d629e06d76ae4d101eeaf0

  • SHA512

    a1a6be67a83c286100631a3fbe12822adfb1e9f09c58da64d94a2c9b5046082f7e0bfafb25bc74aa60a4f0a1f7421e1e14fcf776a7d36cb97eda5ad2b19ad2cf

  • SSDEEP

    12288:SfUfEpv+lDZwJ+3rU/orUZoPEMscDQRYHKwcpJK1diHa2hM7GUYQ9lw8sc:bQmDZ33rUArUOPPQ6gudiOYQnX/

  Score

  10^/10

  credential_accessspywarestealer

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads local data of messenger clients

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Drops desktop.ini file(s)

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2