General
Target: f92c7afe7f7f72ed1572cbabea7d3617_JaffaCakes118
Size: 1.1MB
Sample: 240419-bkgmsadc61
MD5: f92c7afe7f7f72ed1572cbabea7d3617
SHA1: 61048e806abd49139f582e5ea516b14fd6df2d12
SHA256: 1b2411a12b910d722f053bc61ca84dac6b244aed7157dad33cc631519d0528b8
SHA512: 6b0d83d33de51827655107637aba8703de06219bbf284b9f54bed3085e67eddc6925fb17ac8b41fe4320ae3f5f1ada19b4c201bdf94711f7daf33c07a9091b85
SSDEEP: 24576:Ch9w+rVpjjyTFR62GaAwffWaYMdc/qRNxHE4vjJTDWz+xiN:G9wYpw/59kqR3EYJyz+IN
Static task: static1
Behavioral task: behavioral1
Sample: f92c7afe7f7f72ed1572cbabea7d3617_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: f92c7afe7f7f72ed1572cbabea7d3617_JaffaCakes118.exe
Resource: win10v2004-20240412-en
Malware Config
Targets
Target: f92c7afe7f7f72ed1572cbabea7d3617_JaffaCakes118
Score: 7/10

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Adds Run key to start application

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.