General
-
Target
f9cf05712fffd6e55d3671f89c85acf1_JaffaCakes118
-
Size
521KB
-
Sample
240419-jbvgaacg7z
-
MD5
f9cf05712fffd6e55d3671f89c85acf1
-
SHA1
114057b58d260aebff482e11e9a3084a9440e5b2
-
SHA256
846c04afb140c84156954c9643d454629ad28871707d1b543262a049e6dbed56
-
SHA512
24efdf32305c2488a34233260f6bb78bebc06c10788d0ee966d00f058c2f1ff4b9374ea447f102b8f836aa2d3e1e6765e3da959521d8ab0c0edd04e5f07912da
-
SSDEEP
6144:925mswOyIZjyMrmhc2Taw2aOt2da2k78qh90GiTwXw35lk9jgvy89:92wRIZgxOJDz9fA35lk9N
Malware Config
Targets
-
-
Target
f9cf05712fffd6e55d3671f89c85acf1_JaffaCakes118
-
Size
521KB
-
MD5
f9cf05712fffd6e55d3671f89c85acf1
-
SHA1
114057b58d260aebff482e11e9a3084a9440e5b2
-
SHA256
846c04afb140c84156954c9643d454629ad28871707d1b543262a049e6dbed56
-
SHA512
24efdf32305c2488a34233260f6bb78bebc06c10788d0ee966d00f058c2f1ff4b9374ea447f102b8f836aa2d3e1e6765e3da959521d8ab0c0edd04e5f07912da
-
SSDEEP
6144:925mswOyIZjyMrmhc2Taw2aOt2da2k78qh90GiTwXw35lk9jgvy89:92wRIZgxOJDz9fA35lk9N
Score10/10-
UAC bypass
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1