Overview

overview

10

Static

static

3

fw3.exe

windows7-x64

7

fw3.exe

windows10-2004-x64

7

fw4.exe

windows7-x64

1

fw4.exe

windows10-2004-x64

10

fw5.exe

windows7-x64

7

fw5.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_418c4e4b11ebb69cf0ba6323ae10f1c1a9518f2b8e4bd65b3bace63d6fa1bb73

  • Size

    440KB

  • Sample

    241222-llgz2stkek

  • MD5

    10c5fa4b68e0c27e8863155ed221d2e6

  • SHA1

    1752ac3df1cacefac5b4ff829cd03a3b6ac56b01

  • SHA256

    418c4e4b11ebb69cf0ba6323ae10f1c1a9518f2b8e4bd65b3bace63d6fa1bb73

  • SHA512

    6dec2c6269e60d8971f696510a5efbb5b1068b33c57583d08f46141e712e7976487280e80ced0ae30ad67abd0fbb0cca0de2d3049df4bf9bf54dd8bab24e0ddb

  • SSDEEP

    12288:iQN8v42w4UinZxSemQPq+5koIPUFKVUGIBTywKEXl+0KKbap:jN04InfRyUFMXmTVTXyAm

Score
10/10
xmrigdiscoveryminerpersistencespywarestealer

Malware Config

Targets

    • Target

      fw3.exe

    • Size

      338KB

    • MD5

      720472cdad6f6ea6a57ea95824143ea0

    • SHA1

      f95a09690c3908581ca147687ceef19bdfb3f64a

    • SHA256

      245c35840df28cc2bd9bf3ccbc18392f56176780b463b0619ebd918d5be744c5

    • SHA512

      e3e433e8ffd2639e1bde04e2bb4a4fb7ff7fda53253769fec298472036cfdf30ba8df9859145aa457b6306d1a4eb1428266020797ac0f4937851918b629b5fe6

    • SSDEEP

      6144:J++596s5w8sdJnGFZ/tQPHpc2L5Dcach4mbYRtoa/a7BDxdXsZSK4iqBB+X5:pb5dsdJnGtQPu4k18ROamnXsZZz5

    Score
    7/10
    discoveryspywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses 2FA software files, possible credential harvesting

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

    • Target

      fw4.exe

    • Size

      132KB

    • MD5

      f3585a8e4abba600aeeafbdfc4494535

    • SHA1

      4950bbea2e80116456a88257909ad7d7d4322a97

    • SHA256

      cd64d4fb480eb95963fc602cc86963ef08e2ddc2db52491208d187b775f3467b

    • SHA512

      99b5920de4d61db0cb588030021d232874f83df91831f968725349bdb4f52e66c75956e7a30174259bfdd58b21beb9d207da25e08e17b4aba54a43e65702adcb

    • SSDEEP

      3072:MlNR3vyv+qldiSJYa3ITl0eh3zcCraMv3NmmAh:M9+H5jITlBACrg9

    Score
    10/10
    xmrigdiscoveryminerpersistence

    • Xmrig family

      xmrig

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner payload

      miner

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral3behavioral4

    • Target

      fw5.exe

    • Size

      371KB

    • MD5

      99a61f92e2cd83591e895f23ef02cc79

    • SHA1

      ec887c0f131efd4f5f3c44f1cc03c35e43fea0b2

    • SHA256

      81a71b5beadef1696974ec4479a672f7528859a33413f5c63fd26f10ad5c9f06

    • SHA512

      5eee38b77407f8e7460f0315ea3d0232ff10f0d06660393095c354b48322e41b2c4411d314203488c0270b72755d6136bf4aba165e0830a05514abbf4a6bd0d3

    • SSDEEP

      6144:kABDgIHmDWn3LA6AuuUQ+wIwnkQjbvoluOSWDn:kABTGDWn3LA6DuUqIwnkQjeuOSyn

    Score
    7/10
    discovery

    • Drops startup file

    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks