General

  • Target

    a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118

  • Size

    456KB

  • Sample

    240403-xk71maaa65

  • MD5

    a3f438a8e89dab04e2649de7e6e9ffa1

  • SHA1

    2b61bd13401594fe946cb52d0054ab5e1754a119

  • SHA256

    a3aebdb374066a1250ef73bcde03e449e542f278d7d1d0f6c6b3b056619f2774

  • SHA512

    98e5186cb17e86b637d305c2e347f59613ddafd86cf5fc1852eec793b432025e7c615014029605c9e697baba24b0d099d40ce0390c4008c3e2c0a69040bdc369

  • SSDEEP

    6144:ppMM8EV1kmffCpJipAQeNai17Y56rKbDJDODuLn2WvDUyX8rp/mRTCF:URmfaXiGQeN/7YkrOdii72mI

Malware Config

Targets

    • Contacts a large number (965) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive items.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks