Analysis
-
max time kernel
91s -
max time network
123s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
07-04-2024 11:00
General
-
Target
e4c3f4417160312aa250e48270aaeb1a_JaffaCakes118.exe
-
Size
1.2MB
-
MD5
e4c3f4417160312aa250e48270aaeb1a
-
SHA1
761176124100512dcb5da7464d92817a47ba43e7
-
SHA256
c0659d1d06570476094065f6c0c0311f9245396bf9be92b8f6ea5279839576b5
-
SHA512
616a2c6aadad3537e82b5cb34c851c60c4984222a3aae07d75f37eec14aa89121c3c2828b6a0ae1ced0b9c44d59d22bc83445e2eaf866943ff45f863f18c4567
-
SSDEEP
24576:5gfatobwIGwSzHuxzwncFBbe8ik3hPdlGrTtMFQgaxuek515EaD2:I+o7gSzwcFBbe85X+qQnKIaD2
Malware Config
Extracted
44caliber
https://discordapp.com/api/webhooks/854313898911596545/vf42nHbpYOtpVdWXayUdaNtSd5X-l0f9HNHclQ0yL0cLNKWaJXCXzLpHEcwmDefY0mBf
Signatures
-
44Caliber
An open source infostealer written in C#.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e4c3f4417160312aa250e48270aaeb1a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\e4c3f4417160312aa250e48270aaeb1a_JaffaCakes118.exe"1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
105B
MD52e9d094dda5cdc3ce6519f75943a4ff4
SHA15d989b4ac8b699781681fe75ed9ef98191a5096c
SHA256c84c98bbf5e0ef9c8d0708b5d60c5bb656b7d6be5135d7f7a8d25557e08cf142
SHA512d1f7eed00959e902bdb2125b91721460d3ff99f3bdfc1f2a343d4f58e8d4e5e5a06c0c6cdc0379211c94510f7c00d7a8b34fa7d0ca0c3d54cbbe878f1e9812b7
-
Filesize
234B
MD5e94cf956165704f6b92edcb72177ae8f
SHA110d4d7510e0737ab1694b91f5704a511a76751a9
SHA256d198d5604a9748c9fdc1b7849c3aa6d832936a254346fb2b5878ea224076a8a1
SHA51291e2ad8f5dfe2e2badad2e7d1f83dfe7e85c1a0f598fa7d57a0fc2af5f2e9d937d49f874a7448667d50c82dd27005de99710410f0488ba95d8463bc6d0485575
-
Filesize
642B
MD5590b9ef871a00285c63cae968a4f9b0b
SHA10213d61b1793e22a3616349d125e5702819ebd25
SHA256a02f945aea3686b6ca3c0bf685b8eca18f9bc3dc3fce4ee932bd9e7b5df09a69
SHA512d67dd0fb5a8880d3b3b53cea08a0220d9dee1042f6c4a43dea853eee8b12593869b3fb647f6e768b8da635638e8fc60f8f8021d9360e36dd9628c3bdec095686
-
Filesize
1KB
MD50562630d06f9d03c521876a30f7df344
SHA1564bdd03dc414ba862ca35fb9637460981ab874b
SHA25670431005ec3e98751e23c8813ad48eac1d57b4ab9d6d822e3bf8016f49467edc
SHA5123b11387b488a454df2ef4ea07d5b1e568b16856163063df7aa1ef346f872c02a5845f452d1f8e5fad07ad9d7153dfd540ad2204946e726da436a8708fbd98378
-
Filesize
64KB
-
Filesize
584KB
-
Filesize
5.6MB
-
Filesize
3.7MB
-
Filesize
7.7MB
-
Filesize
3.7MB
-
Filesize
408KB
-
Filesize
3.7MB
-
Filesize
7.7MB