f7b322d2a2fef23f10a5c6e9227b9fb6596ca0b84242cdb2fd6271035b04f919 | Triage

Sharing

General

Target

30cca8ca72cbea56569021a9aa60cf8a_JaffaCakes118
Size

240KB
Sample

241010-tsfpkazejp
MD5

30cca8ca72cbea56569021a9aa60cf8a
SHA1

2c87920018c948c2084a18082d8f90d5c44bf7ee
SHA256

f7b322d2a2fef23f10a5c6e9227b9fb6596ca0b84242cdb2fd6271035b04f919
SHA512

6a605d0df6456579db7ade217157d3a7d869ec722151c0a8d35eb54c0f83596a59489984c76deb67243c9d35ea908dbe619e3deeb9ef0adb1f019265c1ec2007
SSDEEP

6144:cYGRV9w7dJOp8tYrZK0TO3rab+/C5RXfPcF68YchRhf:cYGRkdJOpTKEv0F6S

Score

7^/10

credential_access discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  30cca8ca72cbea56569021a9aa60cf8a_JaffaCakes118
- Size
  
  240KB
- MD5
  
  30cca8ca72cbea56569021a9aa60cf8a
- SHA1
  
  2c87920018c948c2084a18082d8f90d5c44bf7ee
- SHA256
  
  f7b322d2a2fef23f10a5c6e9227b9fb6596ca0b84242cdb2fd6271035b04f919
- SHA512
  
  6a605d0df6456579db7ade217157d3a7d869ec722151c0a8d35eb54c0f83596a59489984c76deb67243c9d35ea908dbe619e3deeb9ef0adb1f019265c1ec2007
- SSDEEP
  
  6144:cYGRV9w7dJOp8tYrZK0TO3rab+/C5RXfPcF68YchRhf:cYGRkdJOpTKEv0F6S
Score

7^/10

credential_access discovery persistence spyware stealer
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

credential_accessdiscoverypersistencespywarestealer

behavioral2

discoverypersistence