bed82b765a6f77de01c55cace7c15e4984fda706f7fa8357836e67793a4358a4 | Triage

Sharing

General

Target

3e3cce8bed6edaa30d8e21ef99d4b66e_JaffaCakes118
Size

8.6MB
Sample

241013-gy1kpssfpd
MD5

3e3cce8bed6edaa30d8e21ef99d4b66e
SHA1

2d014ad3249af8e8ed112e6ba0a67cc10e971107
SHA256

bed82b765a6f77de01c55cace7c15e4984fda706f7fa8357836e67793a4358a4
SHA512

02d25603cb97c2e6ba5713f0000ba04bd9c41a9b86a4d357a446446a28ac36e00257364fb9f9a0dbe3afeeefdca7bfa42828ec7fc2aaa9cbb27dcd43a39a32a6
SSDEEP

196608:UD1x7GGICteEroXxHVfEqlbkkwR7VTEew+ZFtt69MEOWS4j8pr7r:WGGInEroXnfEqirRRo3+Zvt6OET

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  3e3cce8bed6edaa30d8e21ef99d4b66e_JaffaCakes118
- Size
  
  8.6MB
- MD5
  
  3e3cce8bed6edaa30d8e21ef99d4b66e
- SHA1
  
  2d014ad3249af8e8ed112e6ba0a67cc10e971107
- SHA256
  
  bed82b765a6f77de01c55cace7c15e4984fda706f7fa8357836e67793a4358a4
- SHA512
  
  02d25603cb97c2e6ba5713f0000ba04bd9c41a9b86a4d357a446446a28ac36e00257364fb9f9a0dbe3afeeefdca7bfa42828ec7fc2aaa9cbb27dcd43a39a32a6
- SSDEEP
  
  196608:UD1x7GGICteEroXxHVfEqlbkkwR7VTEew+ZFtt69MEOWS4j8pr7r:WGGInEroXnfEqirRRo3+Zvt6OET
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2