25c414665d28bb696af4c0e284f3f1ff779a7a6d2a17e7752c2f093eef143ba4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

16f67e2e88a124a2309e6acbd79c3bca_JaffaCakes118
Size

1.3MB
Sample

241005-kja82szdmb
MD5

16f67e2e88a124a2309e6acbd79c3bca
SHA1

ace818d7e69a0c2510e37da109cf085b99452289
SHA256

25c414665d28bb696af4c0e284f3f1ff779a7a6d2a17e7752c2f093eef143ba4
SHA512

99da3fc89f6946b9b64a49d867bf9460be43ae3cea510a4aa19e2035f25c9b5e47b2b5124fabef02cad54987c9db124601c51a9713ba8159257a386fe3a30853
SSDEEP

24576:6S+VZMFvzuei/bc6EGn5u5TtyJ8adjCzjyhhcDkPQcKiwMH5yUKc5thLfrXa7sjJ:6HVZM1zur/bc6/nRJ/aOheDkPQcKiwM3

Score

7^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  16f67e2e88a124a2309e6acbd79c3bca_JaffaCakes118
- Size
  
  1.3MB
- MD5
  
  16f67e2e88a124a2309e6acbd79c3bca
- SHA1
  
  ace818d7e69a0c2510e37da109cf085b99452289
- SHA256
  
  25c414665d28bb696af4c0e284f3f1ff779a7a6d2a17e7752c2f093eef143ba4
- SHA512
  
  99da3fc89f6946b9b64a49d867bf9460be43ae3cea510a4aa19e2035f25c9b5e47b2b5124fabef02cad54987c9db124601c51a9713ba8159257a386fe3a30853
- SSDEEP
  
  24576:6S+VZMFvzuei/bc6EGn5u5TtyJ8adjCzjyhhcDkPQcKiwMH5yUKc5thLfrXa7sjJ:6HVZM1zur/bc6/nRJ/aOheDkPQcKiwM3
Score

7^/10

discovery spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops Chrome extension
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer