ca69ae36e95dc4a0d946bace093f16d64ebfd4e4622f3816215a9d9418c74761 | Triage

Sharing

General

Target

3168613280927854ccb0e31f9203c07b_JaffaCakes118
Size

32KB
Sample

241010-xsfaks1fqh
MD5

3168613280927854ccb0e31f9203c07b
SHA1

206ffb99ccdb7a93c2a82fe234f3a3a355a1c503
SHA256

ca69ae36e95dc4a0d946bace093f16d64ebfd4e4622f3816215a9d9418c74761
SHA512

2d91ec032b1f37bf9d84aad07d8cb4fefbfe59d1e94a90fed73ad6e1851c37b3061c4b74f1b2b2385bc123fa1dbf1b8262a06e9dba523beece1a8441a390233f
SSDEEP

768:BbRAPsGNxkwiTDJKAdmoEr1WrG486avkMFwUPbIvpTerE:tRosGnkBDJKVoEr1OMiUPEBP

Score

7^/10

credential_access discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  3168613280927854ccb0e31f9203c07b_JaffaCakes118
- Size
  
  32KB
- MD5
  
  3168613280927854ccb0e31f9203c07b
- SHA1
  
  206ffb99ccdb7a93c2a82fe234f3a3a355a1c503
- SHA256
  
  ca69ae36e95dc4a0d946bace093f16d64ebfd4e4622f3816215a9d9418c74761
- SHA512
  
  2d91ec032b1f37bf9d84aad07d8cb4fefbfe59d1e94a90fed73ad6e1851c37b3061c4b74f1b2b2385bc123fa1dbf1b8262a06e9dba523beece1a8441a390233f
- SSDEEP
  
  768:BbRAPsGNxkwiTDJKAdmoEr1WrG486avkMFwUPbIvpTerE:tRosGnkBDJKVoEr1OMiUPEBP
Score

7^/10

credential_access discovery persistence spyware stealer
- Credentials from Password Stores: Windows Credential Manager
  Suspicious access to Credentials History.
  credential_access stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Windows Credential Manager

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

credential_accessdiscoverypersistencespywarestealer

behavioral2

credential_accessdiscoverypersistencespywarestealer