General

  • Target

    e6b5572e56e33102ab37332767d95952_JaffaCakes118

  • Size

    124KB

  • Sample

    240408-fxbdrahe98

  • MD5

    e6b5572e56e33102ab37332767d95952

  • SHA1

    5866b15b2985b7f53d1d44d5e6899beb631c15a1

  • SHA256

    a92dbfd52b23a42020e4470ffa8b3dd1199acfad7a84dae298a047b904f31710

  • SHA512

    1cef3bf717247c87efed9f5467ee733584b83126cf6c18fae6d187a8bb5666ad65dc16f0c93f120ec45362e7f3c0860dd66f6030574faf99f02583253bbfdb34

  • SSDEEP

    3072:eeZmogDk+IWT1+LAAUr8SpQMQ2TRvpAlLEE8G9:eeZkgHWmAKcRvml

Malware Config

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detect Amadey credential stealer module

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Matrix (ATT&CK v13)

  • Credential Access

    Unsecured Credentials (T1552): 2
      Credentials In Files (T1552.001): 1
      Credentials in Registry (T1552.002): 1

  • Collection

    Data from Local System (T1005): 2
    Email Collection (T1114): 1

Tasks