General

  • Target

    e61889da5a1bf87be028dc2fa98692d0_JaffaCakes118

  • Size

    569KB

  • Sample

    240407-3a8gashe7t

  • MD5

    e61889da5a1bf87be028dc2fa98692d0

  • SHA1

    b03d50e3480f2c5899bdb702087cfa3d0df3ae3a

  • SHA256

    ab3a734d3d4e74c518d0df14fe750472a0308a1fe0c188a0f132fd206dba6958

  • SHA512

    fab8834ee1e4a2ccc1a39e515f779e12821440f69b4fc9e98b41edef24efd0cffb81c1f0075c8ba8f0015412e1d3543d2f4d5622e59bbf20b4b3e12753b110eb

  • SSDEEP

    12288:293m20JZfzWZKmuHYYVq+RVQBcNef2xNpj7FtVA58Jac0:PauH3RVyc3FfnVA+Mc0

Malware Config

Targets

    • Target

      e61889da5a1bf87be028dc2fa98692d0_JaffaCakes118

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • Nirsoft

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Accesses Microsoft Outlook accounts

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks