0fca35ebb7ae0f4fe1ea6566c78f15959f1599ecf6c58c3218f5a65118eaa4cb | Triage

Submit
Reports

Overview

overview

Static

static

3

1a7a4a3125...18.exe

windows7-x64

1a7a4a3125...18.exe

windows10-2004-x64

Sharing

General

Target

1a7a4a3125c7e8b4570e015e918b3ea4_JaffaCakes118
Size

361KB
Sample

240701-jkbersshpn
MD5

1a7a4a3125c7e8b4570e015e918b3ea4
SHA1

6ef597ba7121d9e13702e0ebe333fb598f5afdcb
SHA256

0fca35ebb7ae0f4fe1ea6566c78f15959f1599ecf6c58c3218f5a65118eaa4cb
SHA512

88df0aa47e94efe2511ad174737e0612f8d5b1aadc55ab030d9f46d44eb5498e6d5815d12e129c762bce36669c7e103843a72e4b433848794494ef3de6ef0648
SSDEEP

6144:NKDmydY+S9m2IsM56ZyXriQtAkaY9h4JewwdhTm77IEiwJJpI:SdY+kmf6Z+rjuk19KNYhTmAEiwbp

Score

10^/10

collection evasion persistence spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1a7a4a3125c7e8b4570e015e918b3ea4_JaffaCakes118.exe

Resource

win7-20240221-en

collection evasion persistence spyware stealer trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

1a7a4a3125c7e8b4570e015e918b3ea4_JaffaCakes118.exe

Resource

win10v2004-20240611-en

collection evasion persistence spyware stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  1a7a4a3125c7e8b4570e015e918b3ea4_JaffaCakes118
- Size
  
  361KB
- MD5
  
  1a7a4a3125c7e8b4570e015e918b3ea4
- SHA1
  
  6ef597ba7121d9e13702e0ebe333fb598f5afdcb
- SHA256
  
  0fca35ebb7ae0f4fe1ea6566c78f15959f1599ecf6c58c3218f5a65118eaa4cb
- SHA512
  
  88df0aa47e94efe2511ad174737e0612f8d5b1aadc55ab030d9f46d44eb5498e6d5815d12e129c762bce36669c7e103843a72e4b433848794494ef3de6ef0648
- SSDEEP
  
  6144:NKDmydY+S9m2IsM56ZyXriQtAkaY9h4JewwdhTm77IEiwJJpI:SdY+kmf6Z+rjuk19KNYhTmAEiwbp
Score

10^/10

collection evasion persistence spyware stealer trojan
- UAC bypass
  evasion trojan
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

collectionevasionpersistencespywarestealertrojan

behavioral2

collectionevasionpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy