0dbb5818c9e1492bf6f6ad77b8242431a556d6ea89d5e907b6413758930d9a2e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

44e5dbb9afbdc2bb69404a2d795a3385_JaffaCakes118
Size

204KB
Sample

241015-am41esxfrj
MD5

44e5dbb9afbdc2bb69404a2d795a3385
SHA1

5567680a7cfe3c2538ed963ba2f740bce21a08c6
SHA256

0dbb5818c9e1492bf6f6ad77b8242431a556d6ea89d5e907b6413758930d9a2e
SHA512

2b27cce649c2e2bae014b5113bf437c43eb9155c7a83bc9cca7dbf67f0a96af8f5a1c6722d7d803c1981ed172e54b0ff1812350c49c2edbbd11f631773dfb1a6
SSDEEP

1536:bobr4eiHgytQCi7CK0rgJjKUL18hRyQM2Bmm27vCKNKUi5pJtNNOH61iplBY+yAq:q4NgytbiYq+a1n5r76KNGXPNsHP/BDq

Score

7^/10

credential_access discovery spyware stealer

Malware Config

Targets

- Target
  
  44e5dbb9afbdc2bb69404a2d795a3385_JaffaCakes118
- Size
  
  204KB
- MD5
  
  44e5dbb9afbdc2bb69404a2d795a3385
- SHA1
  
  5567680a7cfe3c2538ed963ba2f740bce21a08c6
- SHA256
  
  0dbb5818c9e1492bf6f6ad77b8242431a556d6ea89d5e907b6413758930d9a2e
- SHA512
  
  2b27cce649c2e2bae014b5113bf437c43eb9155c7a83bc9cca7dbf67f0a96af8f5a1c6722d7d803c1981ed172e54b0ff1812350c49c2edbbd11f631773dfb1a6
- SSDEEP
  
  1536:bobr4eiHgytQCi7CK0rgJjKUL18hRyQM2Bmm27vCKNKUi5pJtNNOH61iplBY+yAq:q4NgytbiYq+a1n5r76KNGXPNsHP/BDq
Score

7^/10

credential_access discovery spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

credential_accessdiscoveryspywarestealer

behavioral2

credential_accessdiscoveryspywarestealer