General
-
Target
0809b64d5e0407700f591840aef3fd79_JaffaCakes118
-
Size
207KB
-
Sample
240429-tan8zsed25
-
MD5
0809b64d5e0407700f591840aef3fd79
-
SHA1
d340eabcc939fa8b3871c4bacc2635a384d33b46
-
SHA256
e9f6784128f4f612226ffb8ff4814b88927fa281cf8b1d079b1b92198f5fcd7a
-
SHA512
99fb7cb84a798a8463193096c9accf96ecd39b68f4eda8ccf1320aea73928ee1091a723205c9f8cdc34234630d81d507f49ebb7119f92689f2c4689d527a0dab
-
SSDEEP
6144:4QlH5G6dWG7MV+S69PTQjUm5GD/bqkGPXlk9+H:TS69PTNDmkGP
Malware Config
Targets
-
-
Target
0809b64d5e0407700f591840aef3fd79_JaffaCakes118
-
Size
207KB
-
MD5
0809b64d5e0407700f591840aef3fd79
-
SHA1
d340eabcc939fa8b3871c4bacc2635a384d33b46
-
SHA256
e9f6784128f4f612226ffb8ff4814b88927fa281cf8b1d079b1b92198f5fcd7a
-
SHA512
99fb7cb84a798a8463193096c9accf96ecd39b68f4eda8ccf1320aea73928ee1091a723205c9f8cdc34234630d81d507f49ebb7119f92689f2c4689d527a0dab
-
SSDEEP
6144:4QlH5G6dWG7MV+S69PTQjUm5GD/bqkGPXlk9+H:TS69PTNDmkGP
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-