Overview

overview

7

Static

static

3

28966e8f25...18.exe

windows7-x64

7

28966e8f25...18.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    28966e8f256b02270d4a52549dff324f_JaffaCakes118

  • Size

    411KB

  • Sample

    241009-b4eyaszdlm

  • MD5

    28966e8f256b02270d4a52549dff324f

  • SHA1

    f1a3f4e08c5dac419913e7e17a75592ee0164c01

  • SHA256

    f4768a843b2a3d4b1279b14ac53ec10ebb1c98e56dee99955596fdf2dbad4be7

  • SHA512

    52c58500a3dbff0442652df03e3815ba0b2ee3b7c0d7ecf716b60aa91b2734863e2eeb1572f8937f82c6f9bae1b470a9f0a25647f4abe44e0346afed4ba80644

  • SSDEEP

    12288:0ZdLurxHD4dsP5yGv5eax53dsLSsTRCb:rqaPMO3x5NXsTRC

Score
7/10
credential_accessdiscoverypersistencespywarestealerupx

Malware Config

Targets

    • Target

      28966e8f256b02270d4a52549dff324f_JaffaCakes118

    • Size

      411KB

    • MD5

      28966e8f256b02270d4a52549dff324f

    • SHA1

      f1a3f4e08c5dac419913e7e17a75592ee0164c01

    • SHA256

      f4768a843b2a3d4b1279b14ac53ec10ebb1c98e56dee99955596fdf2dbad4be7

    • SHA512

      52c58500a3dbff0442652df03e3815ba0b2ee3b7c0d7ecf716b60aa91b2734863e2eeb1572f8937f82c6f9bae1b470a9f0a25647f4abe44e0346afed4ba80644

    • SSDEEP

      12288:0ZdLurxHD4dsP5yGv5eax53dsLSsTRCb:rqaPMO3x5NXsTRC

    Score
    7/10
    credential_accessdiscoverypersistencespywarestealerupx

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to Credentials History.

      credential_accessstealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks