General

  • Target

    40469bb82dc14a99ae488dcf2757fcfe_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240513-tfxsbadh54

  • MD5

    40469bb82dc14a99ae488dcf2757fcfe

  • SHA1

    281db0a9f73490389be3bc83e0677f7442192943

  • SHA256

    21f1f3f4d6eb97956fdb931880e53f91c45abf0f823b8860974839ab01f464d4

  • SHA512

    86e066f967b6dc92cd82b2ad119322d29bfaa71630b6bfeeb8fecda8b279b523025de9416abe6d65978a53d6e54c44f9ffce2fa56850af4f6afc929543c8fd4f

  • SSDEEP

    24576:yGJPEfiWgy38XQ4zmwAMtqDN3WPqafHxbzK:J+7g+8K0qaBzK

Malware Config

Targets

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

  • Discovery

    Process Discovery, T1057 (1 signature)

  • Collection

    Email Collection, T1114 (1 signature)
