General

  • Target

    e5aa30c5c43a90358a4b0d31631e8c16_JaffaCakes118

  • Size

    1.7MB

  • Sample

    240407-xy6dyscd63

  • MD5

    e5aa30c5c43a90358a4b0d31631e8c16

  • SHA1

    501378026f1b824736608f33f171be07b0a49d2b

  • SHA256

    f8f184f09de9257184678e82ef75eb31e7e06a84bb59dad981dcbae49167a4d0

  • SHA512

    0d452aabd6209201298f28ebbe7f57823d3462c1011f9a2d302edbf195dc0757ada5b80a4f5817c8b03cac450579effe74e89c465be855fcde68fa443c90b899

  • SSDEEP

    49152:IUKsmglYrRXMc9qqa/IZbxVfQTKOkfSg:I0Y9Xb9q1/IZbxI

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15