e1084b11b372b79a666fce8568900f6e487de29866b7747ea13a37a75b081065 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

42ec8922736e487598a628cbe2b12efb_JaffaCakes118
Size

12KB
Sample

241014-s55nsawgjp
MD5

42ec8922736e487598a628cbe2b12efb
SHA1

6989e3e0e5379efd5372187b35b5728c5ecf20b0
SHA256

e1084b11b372b79a666fce8568900f6e487de29866b7747ea13a37a75b081065
SHA512

3cb47e7c28fb281783660ec4c0c0b3e32fc794045f17a86efe4e125ba3a024247ee582769ed898060675253dbfca83108b0dadd485fa5bf528246a433170bc5e
SSDEEP

384:J0KjMB9JTUA0IKHpj8s8XH0grR0E/5i5:FjMyPIGjAHlC5

Score

7^/10

credential_access discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  42ec8922736e487598a628cbe2b12efb_JaffaCakes118
- Size
  
  12KB
- MD5
  
  42ec8922736e487598a628cbe2b12efb
- SHA1
  
  6989e3e0e5379efd5372187b35b5728c5ecf20b0
- SHA256
  
  e1084b11b372b79a666fce8568900f6e487de29866b7747ea13a37a75b081065
- SHA512
  
  3cb47e7c28fb281783660ec4c0c0b3e32fc794045f17a86efe4e125ba3a024247ee582769ed898060675253dbfca83108b0dadd485fa5bf528246a433170bc5e
- SSDEEP
  
  384:J0KjMB9JTUA0IKHpj8s8XH0grR0E/5i5:FjMyPIGjAHlC5
Score

7^/10

discovery persistence spyware stealer credential_access
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Credentials from Password Stores: Windows Credential Manager
  Suspicious access to Credentials History.
  credential_access stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Windows Credential Manager

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealer

behavioral2

credential_accessdiscoverypersistencespywarestealer