General

  • Target

    0570bc2701b9476147a23df169de06a1_JaffaCakes118

  • Size

    394KB

  • Sample

    240428-r9rr2sac36

  • MD5

    0570bc2701b9476147a23df169de06a1

  • SHA1

    3f62793a1cef18b670ee9d85c92b7f5e2789b82a

  • SHA256

    111d372ee1fbc5d1b6b43467954cbb30f06e042d00808778aca8ca61e16ac172

  • SHA512

    b5dc2d872302670c140b3c4e94ade78dd8d860d6ff23297fe16754a3229072d456f0472e838094be893fa198f7d32fafd58a72a96108d8d55de04c9e43ce9c14

  • SSDEEP

    12288:EqXPvRxTcOonD0kV3kEhKizNYErP5Iu0nm:E4n/DsDndKcNYEFpkm

Malware Config

Targets

    • Target

      0570bc2701b9476147a23df169de06a1_JaffaCakes118

    • Identifies Xen via ACPI registry values (likely anti-VM)

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other profile data.

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic              Technique                         ID          Count
  Defense Evasion     Virtualization/Sandbox Evasion    T1497       2
  Credential Access   Unsecured Credentials             T1552       1
  Credential Access   Credentials In Files              T1552.001   1
  Discovery           Query Registry                    T1012       3
  Discovery           Virtualization/Sandbox Evasion    T1497       2
  Discovery           System Information Discovery      T1082       2
  Collection          Data from Local System            T1005       1

Tasks