4d0d51e3e1ed877bf2a7c27830005955a67dd923910f69d43d565537ab9b6871 | Triage

Resubmissions

13-01-2025 01:42

250113-b4zygaslbq 4

12-01-2025 20:44

250112-zjcjfa1lem 4

12-01-2025 20:43

250112-zhw7fs1lcr 4

12-01-2025 20:19

250112-y3475aznhp 4

12-01-2025 20:18

250112-y29q8aznfp 4

12-01-2025 20:10

250112-yxqsjszmam 1

12-01-2025 19:38

250112-ycrt4symdl 8

12-01-2025 19:36

250112-ybj3waylgk 4

12-01-2025 19:33

250112-x9t53aylam 4

12-01-2025 19:19

250112-x1jmzaxqfj 6

Sharing

General

Target

JaffaCakes118_10e348c6059abdb25d0b650ce3591a7e
Size

6KB
Sample

250112-ycrt4symdl
MD5

10e348c6059abdb25d0b650ce3591a7e
SHA1

82c10f89b940adf2feb110115fdbcb0d4604d745
SHA256

4d0d51e3e1ed877bf2a7c27830005955a67dd923910f69d43d565537ab9b6871
SHA512

b80f6515da161ff39ad681c115d991b4ace53621900210cef272810e6c3ec4da590e138686280220dd71e0d93da19ee1f20f704679da6c67502de498c44468e1
SSDEEP

96:uzVs+ux7UhYtLLY1k9o84d12ef7CSTUrZcEZ7ru7f:csz7UhYtAYS/+b76f

Score

8^/10

defense_evasion discovery evasion persistence privilege_escalation spyware stealer trojan

Malware Config

Targets

- Target
  
  JaffaCakes118_10e348c6059abdb25d0b650ce3591a7e
- Size
  
  6KB
- MD5
  
  10e348c6059abdb25d0b650ce3591a7e
- SHA1
  
  82c10f89b940adf2feb110115fdbcb0d4604d745
- SHA256
  
  4d0d51e3e1ed877bf2a7c27830005955a67dd923910f69d43d565537ab9b6871
- SHA512
  
  b80f6515da161ff39ad681c115d991b4ace53621900210cef272810e6c3ec4da590e138686280220dd71e0d93da19ee1f20f704679da6c67502de498c44468e1
- SSDEEP
  
  96:uzVs+ux7UhYtLLY1k9o84d12ef7CSTUrZcEZ7ru7f:csz7UhYtAYS/+b76f
Score

8^/10

defense_evasion discovery evasion persistence privilege_escalation spyware stealer trojan
- Downloads MZ/PE file
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Modify Registry

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryevasionpersistenceprivilege_escalationspywarestealertrojan