General

  • Target

    dddb0842d01f22ad0e440f92c82ec2a9_JaffaCakes118

  • Size

    4.3MB

  • Sample

    240406-hgzgracg9s

  • MD5

    dddb0842d01f22ad0e440f92c82ec2a9

  • SHA1

    be4eb14fb69f166572c6a9114a1e8bec685249ef

  • SHA256

    d796025ee2a776b5bf353d5007da698c6720010d6501e5f95d9c34e6b2bf2e87

  • SHA512

    7f1221f98b1de2216f4a7b2a0f2c95cd11f0e3588128659ab19738f64e50334cc4bc1c29bf6f112ab8dff94d435587d9b6b3783cbb336d54cce11ba67d71964d

  • SSDEEP

    98304:8slYLTJRwUcqFXLcJpaWBMSNXFs+SZSvcHJ/aSUvwlperNDIOybD:88YL8YX8sWBMeVsZovw8polcrhRw

Score
9/10

Malware Config

Targets

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks