General

  • Target

    e5cd082c2042448c1783e55375ad0da1_JaffaCakes118

  • Size

    387KB

  • Sample

    240407-zczemadh2w

  • MD5

    e5cd082c2042448c1783e55375ad0da1

  • SHA1

    bbd687e5ee1107f89019fddc392e73aad7f9d355

  • SHA256

    8c6fbd37b07a148285f99c241ab91eff59323a6d2773e3bb5df05a25c641c16c

  • SHA512

    2cb83c64051a055a02d68891faf353a3f7de6c5af15b5693cbdf75c5b3ecdcd72b5cc184155c90b753427263531cb39480e0802b384c3db8e3227d1ad986f2f2

  • SSDEEP

    12288:yq8oVQNGBGkd0hjS+b1AOjcqr7Z4Dbvl:V8oDVSU+beODmP

Score
7/10

Malware Config

Targets

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar account information.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks