General
-
Target
3387d4ae4a53d1e40801acc8b1ef7128_JaffaCakes118
-
Size
4.6MB
-
Sample
240511-jq9vhseg8z
-
MD5
3387d4ae4a53d1e40801acc8b1ef7128
-
SHA1
a6bb83b5205ec074d89c856ba931fe930f0333ba
-
SHA256
d6e3df1b4420f3fb8a68c1394a3281eff2ee230e93cee3aa4dc7428a06df4bac
-
SHA512
219b8f3f94808a6b77386f9d588f214f8216e645edb940f5681e591d5798e32697315c63c067e8777c96e2cb3bec3def4e7b15e4ace675fef6cc3dc8dc8111c8
-
SSDEEP
98304:d05R6T1L9f6khkO1XtWUOLjS7b8WV6bfU7Sub89HAtJ2OtFAVA:dYRw7LqO1Xw1ju9B7EyHAm
Malware Config
Targets
-
-
Target
3387d4ae4a53d1e40801acc8b1ef7128_JaffaCakes118
-
Size
4.6MB
-
MD5
3387d4ae4a53d1e40801acc8b1ef7128
-
SHA1
a6bb83b5205ec074d89c856ba931fe930f0333ba
-
SHA256
d6e3df1b4420f3fb8a68c1394a3281eff2ee230e93cee3aa4dc7428a06df4bac
-
SHA512
219b8f3f94808a6b77386f9d588f214f8216e645edb940f5681e591d5798e32697315c63c067e8777c96e2cb3bec3def4e7b15e4ace675fef6cc3dc8dc8111c8
-
SSDEEP
98304:d05R6T1L9f6khkO1XtWUOLjS7b8WV6bfU7Sub89HAtJ2OtFAVA:dYRw7LqO1Xw1ju9B7EyHAm
Score8/10-
Blocklisted process makes network request
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-