General
-
Target
f87f80ac20692d98173fa85cff1d53d4_JaffaCakes118
-
Size
47KB
-
Sample
240418-wr668sba66
-
MD5
f87f80ac20692d98173fa85cff1d53d4
-
SHA1
d9b54a5cd4459f8624fd9ec3bd868ef0e7028741
-
SHA256
939a78eb46838db8dedfb5a5fae5619cb7462093c12e9cb21e7f571d5e21dec0
-
SHA512
143942407b35cbe63fef9c5392d98626747363e5c716cf6cfe04bcf9fb782c7d4de3ede985da5fa9b3b46f360739edf7a8b6f07b5098476de31a9cf464b53113
-
SSDEEP
768:aCbz5H3N6XTeWgGfBy2XrrLg9liGqv4lyPhSfXwfiAhIBbFVMn11xYvsft9L/x43:aizJN6XTtg+ByJjTNyPhSPwfi8mVMn1K
Malware Config
Targets
-
-
Target
f87f80ac20692d98173fa85cff1d53d4_JaffaCakes118
-
Size
47KB
-
MD5
f87f80ac20692d98173fa85cff1d53d4
-
SHA1
d9b54a5cd4459f8624fd9ec3bd868ef0e7028741
-
SHA256
939a78eb46838db8dedfb5a5fae5619cb7462093c12e9cb21e7f571d5e21dec0
-
SHA512
143942407b35cbe63fef9c5392d98626747363e5c716cf6cfe04bcf9fb782c7d4de3ede985da5fa9b3b46f360739edf7a8b6f07b5098476de31a9cf464b53113
-
SSDEEP
768:aCbz5H3N6XTeWgGfBy2XrrLg9liGqv4lyPhSfXwfiAhIBbFVMn11xYvsft9L/x43:aizJN6XTtg+ByJjTNyPhSPwfi8mVMn1K
Score8/10-
Adds policy Run key to start application
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-