General

  • Target

    5506fb6a168f43d7059875a06679a653_JaffaCakes118

  • Size

    292KB

  • Sample

    240518-q5lvkaed8s

  • MD5

    5506fb6a168f43d7059875a06679a653

  • SHA1

    afa9fb361969af1a03ad807720f25d426e8a8e39

  • SHA256

    c0bd1e78b094f76b74de5d19080693f87623729a145e097231e2206dfb81cce8

  • SHA512

    a7556984b80f0214ea2a2f6334d90d91e3e44117f31b1d29b2f7090c0e73c588121e059a3a108aa728d3b72a75f4990a194c1bd8f4e20ae5f47f0c347a9ee03d

  • SSDEEP

    3072:L1Ea8ZpUVmYrrFc74+he3IPzQQGcnQGlYoZI3/i3aMda4vWgjAJjGWaBIo/E:P8K9FcE+he3uGcnpYk2R48juIYE

Targets

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
