General
-
Target
0570bc2701b9476147a23df169de06a1_JaffaCakes118
-
Size
394KB
-
Sample
240428-r9rr2sac36
-
MD5
0570bc2701b9476147a23df169de06a1
-
SHA1
3f62793a1cef18b670ee9d85c92b7f5e2789b82a
-
SHA256
111d372ee1fbc5d1b6b43467954cbb30f06e042d00808778aca8ca61e16ac172
-
SHA512
b5dc2d872302670c140b3c4e94ade78dd8d860d6ff23297fe16754a3229072d456f0472e838094be893fa198f7d32fafd58a72a96108d8d55de04c9e43ce9c14
-
SSDEEP
12288:EqXPvRxTcOonD0kV3kEhKizNYErP5Iu0nm:E4n/DsDndKcNYEFpkm
Malware Config
Targets
-
-
Target
0570bc2701b9476147a23df169de06a1_JaffaCakes118
-
Size
394KB
-
MD5
0570bc2701b9476147a23df169de06a1
-
SHA1
3f62793a1cef18b670ee9d85c92b7f5e2789b82a
-
SHA256
111d372ee1fbc5d1b6b43467954cbb30f06e042d00808778aca8ca61e16ac172
-
SHA512
b5dc2d872302670c140b3c4e94ade78dd8d860d6ff23297fe16754a3229072d456f0472e838094be893fa198f7d32fafd58a72a96108d8d55de04c9e43ce9c14
-
SSDEEP
12288:EqXPvRxTcOonD0kV3kEhKizNYErP5Iu0nm:E4n/DsDndKcNYEFpkm
Score9/10-
Identifies Xen via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-