Overview

overview

10

Static

static

3

300a2271ee...18.exe

windows7-x64

10

300a2271ee...18.exe

windows10-2004-x64

5

Sharing

Copy URL Twitter E-mail

General

  • Target

    300a2271eeb7dd172e95c5d942e808d3_JaffaCakes118

  • Size

    201KB

  • Sample

    241010-qfgvbasenl

  • MD5

    300a2271eeb7dd172e95c5d942e808d3

  • SHA1

    558315e61e5e0c7612b2321e0250d7ecb6912aa8

  • SHA256

    e59830ae2938919031ae08242e7da80dcf327f3a6a20252bc6424c61a7179b45

  • SHA512

    4cf94ad429057d006c04bc2be7837018149f3f8a8a1097492a3a02928dc86354cb680849c1c170de86305bb50c3706c9c2d49519cdfe3ad5adb43a362a7db08b

  • SSDEEP

    6144:hCaI19o40puJtr6kfmZ7H+NtsjOhlNP18:ZI19ZJQT7H+NKKhf18

Score
10/10
discoverypersistencespywarestealerupx

Malware Config

Targets

    • Target

      300a2271eeb7dd172e95c5d942e808d3_JaffaCakes118

    • Size

      201KB

    • MD5

      300a2271eeb7dd172e95c5d942e808d3

    • SHA1

      558315e61e5e0c7612b2321e0250d7ecb6912aa8

    • SHA256

      e59830ae2938919031ae08242e7da80dcf327f3a6a20252bc6424c61a7179b45

    • SHA512

      4cf94ad429057d006c04bc2be7837018149f3f8a8a1097492a3a02928dc86354cb680849c1c170de86305bb50c3706c9c2d49519cdfe3ad5adb43a362a7db08b

    • SSDEEP

      6144:hCaI19o40puJtr6kfmZ7H+NtsjOhlNP18:ZI19ZJQT7H+NKKhf18

    Score
    10/10
    discoverypersistencespywarestealerupx

    • Modifies WinLogon for persistence

      persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks