General

  • Target

    e5d59cb306df2e60b1a0495f8e9a5f77_JaffaCakes118

  • Size

    388KB

  • Sample

    240407-zpkr1aeb9z

  • MD5

    e5d59cb306df2e60b1a0495f8e9a5f77

  • SHA1

    09f54ae61bff98cd50f10be9447c3305827f0dc8

  • SHA256

    e0e3a5d3120111c560142d8f0521efc9479efd7bee628abc0588e49868d242ed

  • SHA512

    8115577a35b9e89406316117fbdf9eecdb1c617671d3192b451e6180e9176430f2501eea2cd09955e7c1b78c097bfff6788887987d521ef9d81b7a67835c9eea

  • SSDEEP

    6144:D4ouwNroFZ+z5x5bFvTmK/LtzhuKJ97FTxwO2Fq42Tx/Qx7x9sV4IR9lFklY3JMC:DDNkFa5fF7RTX979xwJyTW7DsVpCtCL

Targets

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
