Analysis
- max time kernel: 149s
- max time network: 154s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 23-12-2024 15:23
Static task: static1
Behavioral task: behavioral1
- Sample: JaffaCakes118_d7f5c670fa50b1008b19da4cf488c212af1fc75a49c682b8100c109add4ca53a.exe
- Resource: win7-20241010-en
Behavioral task: behavioral2
- Sample: JaffaCakes118_d7f5c670fa50b1008b19da4cf488c212af1fc75a49c682b8100c109add4ca53a.exe
- Resource: win10v2004-20241007-en
General
- Target: JaffaCakes118_d7f5c670fa50b1008b19da4cf488c212af1fc75a49c682b8100c109add4ca53a.exe
- Size: 403KB
- MD5: 87c6424c80111da4b103a223cc5518b6
- SHA1: 096983377bb6e19a7d89e9a328674232e5e899ad
- SHA256: d7f5c670fa50b1008b19da4cf488c212af1fc75a49c682b8100c109add4ca53a
- SHA512: c7a73ca9881c40a3d87ed4af687a4850eed54515dd5cdacc4650a02093d1eec7439345786eef485d97f489e3a8c9e7ef499a9056c93f2525745d4f45c8bfb327
- SSDEEP: 6144:mVi9VYkVujsdA5Qtto1guqi5GnR1RpJYK93z7ucO/AjT6xa9SpuokyLb/9j4wZAV:i2VFgsiARHb3+cO/AX6xaQpuon/9j47
Malware Config
- Extracted family: cryptbot
- C2 domains: unic15m.top, unic15e.top
Signatures
- Cryptbot family
- Reads data files stored by FTP clients (2 TTPs)
  Tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of web browsers (3 TTPs)
  Infostealers often target stored browser data, which can include saved credentials.
- Unsecured Credentials: Credentials In Files (1 TTP)
  Steals credentials from unsecured files.
- Accesses cryptocurrency files/wallets, possible credential harvesting (2 TTPs)
- Checks installed software on the system (1 TTP)
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  IoC: Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (process: JaffaCakes118_d7f5c670fa50b1008b19da4cf488c212af1fc75a49c682b8100c109add4ca53a.exe)
- Checks processor information in registry (2 TTPs, 2 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  IoC: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString (process: JaffaCakes118_d7f5c670fa50b1008b19da4cf488c212af1fc75a49c682b8100c109add4ca53a.exe)
  IoC: Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (process: JaffaCakes118_d7f5c670fa50b1008b19da4cf488c212af1fc75a49c682b8100c109add4ca53a.exe)
Processes
- C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_d7f5c670fa50b1008b19da4cf488c212af1fc75a49c682b8100c109add4ca53a.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_d7f5c670fa50b1008b19da4cf488c212af1fc75a49c682b8100c109add4ca53a.exe"
  PID: 2364
  Signatures: System Location Discovery: System Language Discovery; Checks processor information in registry
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 46KB
  MD5: 45491f2893876e5e00ee3e9609510c0b
  SHA1: d9865b608b12c31ac7db4d1bda4b88876b12d83c
  SHA256: 579763a5f5aec52778a3049cf0252fa87f126782bdf322dd6c543b440dfc366e
  SHA512: 154bbd6eb071cddd6a9c09b92338ec0b302902705fe749aff929643c82ed8ca76ab706d1675a52aa03829418ab2762bd13df7c3a149b393f88a90f7aa0b7c65b
- Filesize: 1KB
  MD5: 673443cb87e15d6067744939aa57f2b3
  SHA1: d055086f3aeeb10acd89a31503055a244d6a3481
  SHA256: 1f72f2e493d704b3b85bc62632fd8ef6379d3a1ab591fdc0839bfb60b7da0f6d
  SHA512: 250247e9b6110f60f723e2d9a31ee1391cd770931a62691c884d5d330a4b2bf6110f95f6acca08c1f6513660ef99ac3ac4bacf1003ff9244c8b957b1ba6fd6ca
- Filesize: 1KB
  MD5: c9d1b56e7f9b0da3cb82e52880e39212
  SHA1: 5ebd5271c9ee7f61ed62211e28f964501d4afcf7
  SHA256: af0b7ea71843d78ff28960d93a3c5eba5222b57abef58f70b57a0e36285903af
  SHA512: 3ab8d883ad21c92983acfc85cb7fbc368a4cc718d85a4f37c6a03673db7ccc68ced08c9f81d2076847cd4463e50d302d444e2e2ae5c7204c854a06748a0a3081
- Filesize: 1KB
  MD5: 97878b83da51ba51c7755e4199dd1b52
  SHA1: 79a7a97faa484536ece108b6b93fa62bd59f3487
  SHA256: 526f9505b35c4cde7a504632a90abc35b0052e48280f11b27a453ae26187445e
  SHA512: d3d219177905d230ebb2e3487cef4df7eb55ac1c5e1fec0c7d69c0ecf7e4132971fb7c55fea8d33978d5b8c0ab4127f3c532d0023ed82cfd7e743a5ddc99755f
- Filesize: 4KB
  MD5: f4b0752b61ad80b8be17e093d4fac0e7
  SHA1: d0e07078e9e0995deac01e87193586bb71158efd
  SHA256: 7584c063397561c7503f30176d5ec22129240261788d30e8743d1ec0068f2241
  SHA512: a95d4cdec1be0911b6323f90204b18509efa8ad7968deac0f83dce3588e5a22adcd3efa41f05e4472e476ddc950b786dcc00a53378f3e0fc17e158de4d06273f
- Filesize: 51KB
  MD5: a9c89aad1659d8707b326acd94231169
  SHA1: 21c49092e605f9e1d63b7534005e7fd335bba6ec
  SHA256: 56259b55054eda01dfbc49198efb587f22c8fb699c8ff8e100a0157a574ed406
  SHA512: 77f644580eab00ffdc366beba954e12cf4003df2be6eda5492a24123d46aaab3612f7dd054a306ed2ef74a7e8a2ee67ba75321c806c9dbd46c11761afe541806