General

  • Target

    f107e96bab115200f70ecab18535b89b_JaffaCakes118

  • Size

    250KB

  • Sample

    240415-petxtagd8y

  • MD5

    f107e96bab115200f70ecab18535b89b

  • SHA1

    568820c6d4c86a5cdf8fe33db3c6b1cb1dbfa336

  • SHA256

    6f5aaf73141a8d69b345be0ba4e6ab8d8ef3690a63425ee90fbe3ade22675fb2

  • SHA512

    d5054a175a637e4edbc7f6c8694b11855076ce4ca580063df226067853bcdb08b59daacbb8a68a760db75e483ca6b61fe0c92ac4cb6bbcf18e68007ffefb83ce

  • SSDEEP

    6144:h1OgDPdkBAFZWjadD4s5A49kUlx1QwdPGOuY:h1OgLdaOAk/lx1fdPv

Malware Config

Targets

    • Target

      f107e96bab115200f70ecab18535b89b_JaffaCakes118

    • Size

      250KB

    • MD5

      f107e96bab115200f70ecab18535b89b

    • SHA1

      568820c6d4c86a5cdf8fe33db3c6b1cb1dbfa336

    • SHA256

      6f5aaf73141a8d69b345be0ba4e6ab8d8ef3690a63425ee90fbe3ade22675fb2

    • SHA512

      d5054a175a637e4edbc7f6c8694b11855076ce4ca580063df226067853bcdb08b59daacbb8a68a760db75e483ca6b61fe0c92ac4cb6bbcf18e68007ffefb83ce

    • SSDEEP

      6144:h1OgDPdkBAFZWjadD4s5A49kUlx1QwdPGOuY:h1OgLdaOAk/lx1fdPv

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops Chrome extension

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

MITRE ATT&CK Enterprise v15

Tasks