General
-
Target
2d06ca24a0ebb1ede316a6340d92cebd_JaffaCakes118
-
Size
280KB
-
Sample
240510-dkb4eaae28
-
MD5
2d06ca24a0ebb1ede316a6340d92cebd
-
SHA1
37499d29889dc73d2f8fc3af452b586a7b176451
-
SHA256
5839d2af545113faec140c3e79f41ba83bdca4ed6b7a4978768c98fbdc99b7fa
-
SHA512
71a3529da1b2575e65919cce03fd90dd61f6c8cc6566580a285e50b729aa410b45081d2136231825708546271f1368cad869c5dc1513ba39e62ddcc034ac0634
-
SSDEEP
6144:o66eOg53/K/XBfwJzmVLFjEC95DIaciEorfGZIYE:oJw53/4B84Zjn9VIacijrGZDE
Malware Config
Targets
-
-
Target
2d06ca24a0ebb1ede316a6340d92cebd_JaffaCakes118
-
Size
280KB
-
MD5
2d06ca24a0ebb1ede316a6340d92cebd
-
SHA1
37499d29889dc73d2f8fc3af452b586a7b176451
-
SHA256
5839d2af545113faec140c3e79f41ba83bdca4ed6b7a4978768c98fbdc99b7fa
-
SHA512
71a3529da1b2575e65919cce03fd90dd61f6c8cc6566580a285e50b729aa410b45081d2136231825708546271f1368cad869c5dc1513ba39e62ddcc034ac0634
-
SSDEEP
6144:o66eOg53/K/XBfwJzmVLFjEC95DIaciEorfGZIYE:oJw53/4B84Zjn9VIacijrGZDE
Score7/10-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-