General
-
Target
28faa368667db6fb807bcd076540b4ce_JaffaCakes118
-
Size
168KB
-
Sample
240509-jklkqsga91
-
MD5
28faa368667db6fb807bcd076540b4ce
-
SHA1
6198383ff9f7b31227e474e1ce708de19f4063d9
-
SHA256
08dd171d4b2442841a848a071f967c0bc826e3872d6e3645d572f3eec3f30fee
-
SHA512
0347541eefd1463da49d090c52e5e994ee483162c1026c5f416a5486b0c09c79ef9379e649f6cfb2881eef26f37df5e3654815e798338e3efd5b954ba9f4d16d
-
SSDEEP
3072:wGOOmOfAM1yUfxXroJITYR5NR8tSuB/dvegSe+ckAKSDQ4JXzx8jyVJO:VOOmUAMAUfyAYRESQ/QRe/kiDjzx8j7
Malware Config
Targets
-
-
Target
decc.exe
-
Size
236KB
-
MD5
f0b5894cef25d606e1eac726d5182765
-
SHA1
e084575ed382e2ea3fca3525d71ac4cab5b11ab6
-
SHA256
0a0e44fa9d45a7ed0828aba140d7c4a727de5031049bd250733fbd4c71ae4008
-
SHA512
5edb6281c4d7efd73788457a07b75e4f7a267a883bd841470295f3be4efc8aab474169b4b2535e9a24043a9dd9e5bac12937f66b1801608cb54ddc4efc8a41da
-
SSDEEP
6144:DBZO7RzKciujxhlgL0ser2RWHAIL2loyEOjYscN/ogsP:Dq7dKciGxZrHQGsP
Score7/10-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-