5017fad3ad4cc8ebfae087439fd120d2bb6f89d8617421fa7cb672cd24a5694f | Triage

Sharing

General

Target

JaffaCakes118_f9dc45af96acdb35e2493f4c21684a2d
Size

409KB
Sample

250111-hhmjkssjgj
MD5

f9dc45af96acdb35e2493f4c21684a2d
SHA1

ebaa57a261f3c0e78e63233f7c00e530d3d314c3
SHA256

5017fad3ad4cc8ebfae087439fd120d2bb6f89d8617421fa7cb672cd24a5694f
SHA512

7dff9f34edda24381d8d634c111890f72059f47fea844e25675fc396e2f2a6600adce93193824fc9d5dc9895617e05e76e1377c5cf8c6840804008d4e907ad36
SSDEEP

6144:ppMM8EV1kmIOA9nkEamR4XOyV5R7Ls2dMQRcR0FZXpL:URmqkjmR4BVH7LSQRlHL

Score

8^/10

discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  JaffaCakes118_f9dc45af96acdb35e2493f4c21684a2d
- Size
  
  409KB
- MD5
  
  f9dc45af96acdb35e2493f4c21684a2d
- SHA1
  
  ebaa57a261f3c0e78e63233f7c00e530d3d314c3
- SHA256
  
  5017fad3ad4cc8ebfae087439fd120d2bb6f89d8617421fa7cb672cd24a5694f
- SHA512
  
  7dff9f34edda24381d8d634c111890f72059f47fea844e25675fc396e2f2a6600adce93193824fc9d5dc9895617e05e76e1377c5cf8c6840804008d4e907ad36
- SSDEEP
  
  6144:ppMM8EV1kmIOA9nkEamR4XOyV5R7Ls2dMQRcR0FZXpL:URmqkjmR4BVH7LSQRlHL
Score

8^/10

discovery persistence spyware stealer
- Contacts a large (1386) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Network Service Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealer

behavioral2

discoverypersistencespywarestealer