Extracted

• • Target

    55db6da9f017870b6346101f25d62067_JaffaCakes118

  • Size

    73KB

  • MD5

    55db6da9f017870b6346101f25d62067

  • SHA1

    75f0ef3733df2d89f1a4fdf37cc11df77d58a4db

  • SHA256

    bd9fd127c1e64f1d051b2a4e3ef17c1615886db622d0f9d7a3829ee6f629edd1

  • SHA512

    d74fe8940941414ef004ebf675e2411db22fa50d7510432314cb92a80caefb9a88c5570c7db5a0054cd551920e6921b3e81d408c779e4a0a1ef3cfac8679dddd

  • SSDEEP

    1536:kEvdK6j9yeEf5zHNQcuP0QFH4DA7p5Dujx8DagPznH:kEFhEf5ztR3utSx8DagPDH

  Score

  10^/10

  discoverypersistencespywarestealer

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  • Drops file in System32 directory

  behavioral1behavioral2