General
-
Target
f37420f662960f129e38dc7d42445480_JaffaCakes118
-
Size
332KB
-
Sample
240416-n68plshg88
-
MD5
f37420f662960f129e38dc7d42445480
-
SHA1
919f459416fc2a9fb00a3eb39982dde727134329
-
SHA256
b25bb72eff74e3928001bbfe7c6f310d92f92b51623a3a84b1556231bfc5fc30
-
SHA512
cdb8dadda4dff39caf9edcdc0556531b7dace3b136ecc99caff73b6daa04f36a0e75f0863fdbbe94dcfd6e8727221b935ca557031c41d490071bed1e2ce9cb58
-
SSDEEP
6144:fHRoNQ9Oc7YLBYa/HyvGmqjVcyFC5Gjq4xZm5JhXRGdr+T:fxoEBKnzjqyF0Gj/+ThhE
Malware Config
Targets
-
-
Target
f37420f662960f129e38dc7d42445480_JaffaCakes118
-
Size
332KB
-
MD5
f37420f662960f129e38dc7d42445480
-
SHA1
919f459416fc2a9fb00a3eb39982dde727134329
-
SHA256
b25bb72eff74e3928001bbfe7c6f310d92f92b51623a3a84b1556231bfc5fc30
-
SHA512
cdb8dadda4dff39caf9edcdc0556531b7dace3b136ecc99caff73b6daa04f36a0e75f0863fdbbe94dcfd6e8727221b935ca557031c41d490071bed1e2ce9cb58
-
SSDEEP
6144:fHRoNQ9Oc7YLBYa/HyvGmqjVcyFC5Gjq4xZm5JhXRGdr+T:fxoEBKnzjqyF0Gj/+ThhE
Score8/10-
Disables taskbar notifications via registry modification
-
Modifies Installed Components in the registry
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Event Triggered Execution
1Change Default File Association
1