General

  • Target

    137b1521173ce7a2b8014fe7faaa84b0_JaffaCakes118

  • Size

    321KB

  • Sample

    240329-aglxnacc6t

  • MD5

    137b1521173ce7a2b8014fe7faaa84b0

  • SHA1

    1de991d40814666aa696197c6172fd75f7d6abb9

  • SHA256

    06975148567f435190949a216dd8d53879d9ca0f7ea296cd8db3e0f464f9a3bb

  • SHA512

    313d2c05ab0e1140aa6efb1b104290e0e4a069e6e973b2886e49cb170c67352cc0f7e7521c8eb97f9e0d19c643984b5745432022ef4b5e636a58c5ff027e7ef2

  • SSDEEP

    3072:c7puEEMohqTY9VHPfuev7puEEMohqTY9VHPfuev7puEEMoW7puEEMof3nvKdSdSU:IpMM6VtpMM6VtpMMPpMMKnvKdSci/7Cw

Targets

    • Contacts a large number (1425) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory
