General

  • Target

    06968b327caf1ec29a719577d53c7d79_JaffaCakes118

  • Size

    642KB

  • Sample

    240429-ck7pmsfb64

  • MD5

    06968b327caf1ec29a719577d53c7d79

  • SHA1

    3cd5d929287221e05d964c6eb309dc1407289961

  • SHA256

    64227043d81f041fa7786eadd3761e72019c7961e1205888ba522e8caccf8cf6

  • SHA512

    04663b6dd898ed475f2721289372a18b77ab4b490e06da5db1695b524b03eebb54fce40514494c7a0cc8c7d74af2600fccba596b1ca2e0d5cae659343c5bd4eb

  • SSDEEP

    12288:0AwBgQyyc5UeN9YcPUuCq+4hG4jLgZFtJApk/dJjFE:0Yyc5Ue9HP3fE4jLgFtaadZm

Targets

    • M00nd3v_Logger

      M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

    • M00nD3v Logger payload

      Detects M00nD3v Logger payload in memory.

    • NirSoft MailPassView

      Password recovery tool for various email clients.

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers.

    • Nirsoft

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
