General

  • Target

    188debc6e602735db40b63dc7842be48_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240505-vfxyraaf28

  • MD5

    188debc6e602735db40b63dc7842be48

  • SHA1

    41b2f74e2d4bda6378da829c8f486338d439c2ed

  • SHA256

    2619a7f6787412012ec4d3eb0bf909aa9b34d2c0a94d35af5a2b05baa21ea5ae

  • SHA512

    22625eef4d106b1dd3b1c2d45f072710fdf805c07cd122f222c5e9d10618df40a7324655620c676995629224158308895edb8699a06bad66a5c429cd6a10791f

  • SSDEEP

    12288:mEc4Zs866fwoPuMwBmfBPYqqHPWiLWOfVHtbIw6AOvTwuyH3kV3YzGJ:mEcy0sHWmpPQWiLWOX2TD3YzG

Targets

    • M00nd3v_Logger

      M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

    • M00nD3v Logger payload

      Detects M00nD3v Logger payload in memory.

    • NirSoft MailPassView

      Password recovery tool for various email clients.

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers.

    • Nirsoft

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
