f6ebc6a25ec5cb341e720fc99c2b4124453cc8e8c0672a1efab5f3a785ead3d9 | Triage

Sharing

General

Target

45a36363358e12cadb2bd2abf8bd8629_JaffaCakes118
Size

2.1MB
Sample

241015-d5bndaseqe
MD5

45a36363358e12cadb2bd2abf8bd8629
SHA1

10e75bee6d1afbe8bc45a9a881f7b869f6810da3
SHA256

f6ebc6a25ec5cb341e720fc99c2b4124453cc8e8c0672a1efab5f3a785ead3d9
SHA512

8c05c79c10da92c8163049d068380d3185c0a3cb9179b02b86f48b13efc7cef35da3e356b3bdee7a78524100345b5f4a81dfb8272f9d232b76a6cf20089ef9fb
SSDEEP

49152:we0ZpN9yf1sf3i+Aai+bXQ0P6KwpscwJiixcfFP+oUXnKl2kVH3flV+ih3v9cGWM:QpNE+AaiMX

Score

7^/10

credential_access discovery spyware stealer

Malware Config

Targets

- Target
  
  45a36363358e12cadb2bd2abf8bd8629_JaffaCakes118
- Size
  
  2.1MB
- MD5
  
  45a36363358e12cadb2bd2abf8bd8629
- SHA1
  
  10e75bee6d1afbe8bc45a9a881f7b869f6810da3
- SHA256
  
  f6ebc6a25ec5cb341e720fc99c2b4124453cc8e8c0672a1efab5f3a785ead3d9
- SHA512
  
  8c05c79c10da92c8163049d068380d3185c0a3cb9179b02b86f48b13efc7cef35da3e356b3bdee7a78524100345b5f4a81dfb8272f9d232b76a6cf20089ef9fb
- SSDEEP
  
  49152:we0ZpN9yf1sf3i+Aai+bXQ0P6KwpscwJiixcfFP+oUXnKl2kVH3flV+ih3v9cGWM:QpNE+AaiMX
Score

7^/10

credential_access discovery spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

credential_accessdiscoveryspywarestealer

behavioral2

credential_accessdiscoveryspywarestealer