General

  • Target

    e54adeaee912f6c64b20c6a447ad6974_JaffaCakes118

  • Size

    860KB

  • Sample

    240407-ta8mmagc68

  • MD5

    e54adeaee912f6c64b20c6a447ad6974

  • SHA1

    660c89e3562c780ce69d912c73ff7f406560c76d

  • SHA256

    d53cae28a57bf493d4a436e1677a50b879507d0f4fda2869524660672d9b2021

  • SHA512

    a6d1f7f49bb02808c01d9c4a79fec0066b51fbe8abdd302e7aa55f5e97e7994bc3f1ebc38ceaddd51c9be0773e396123ff1caeeadcfa6e44684271584ccb5f50

  • SSDEEP

    24576:XyaNJXPVWH4NyIPVOE8LwaXLAskEKXeo+Jtsll:XxP861PgLLwaX0skE9o+JCl

Malware Config

Targets

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
