General

  • Target

    3050f4e4954811a6c0b01a429706a4f7_JaffaCakes118

  • Size

    525KB

  • Sample

    240510-wgb84sch69

  • MD5

    3050f4e4954811a6c0b01a429706a4f7

  • SHA1

    b45715196d8302c56610cd95b2b246169391aa68

  • SHA256

    19877426654096d35fa4a46656f35207fa19b3657c50c284cf601332243b9199

  • SHA512

    a2c45736c6b71cfcdf78bc7e840a17428ad5f1e23167bf7dbef48289317e93580c46ec65b6e8d7ded625f4d1024498ac2fd908cb2b47c15aa7fa6fcb74d69130

  • SSDEEP

    12288:ioQp2RoELtccvIjP9845Ss/krM6D8aSUAZph8ZAEMjoFzlmjs:7nbvS9840ssIGbSUArOmoRl5

Malware Config

Targets

    • Target

      3050f4e4954811a6c0b01a429706a4f7_JaffaCakes118

    • Size

      525KB

    • MD5

      3050f4e4954811a6c0b01a429706a4f7

    • SHA1

      b45715196d8302c56610cd95b2b246169391aa68

    • SHA256

      19877426654096d35fa4a46656f35207fa19b3657c50c284cf601332243b9199

    • SHA512

      a2c45736c6b71cfcdf78bc7e840a17428ad5f1e23167bf7dbef48289317e93580c46ec65b6e8d7ded625f4d1024498ac2fd908cb2b47c15aa7fa6fcb74d69130

    • SSDEEP

      12288:ioQp2RoELtccvIjP9845Ss/krM6D8aSUAZph8ZAEMjoFzlmjs:7nbvS9840ssIGbSUArOmoRl5

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in visual basic.

    • ISR Stealer payload

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • Nirsoft

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Accesses Microsoft Outlook accounts

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks