General
-
Target
6a03ce9c474543fa16857b755e5e9f49_JaffaCakes118
-
Size
633KB
-
Sample
240523-g3y8fagb66
-
MD5
6a03ce9c474543fa16857b755e5e9f49
-
SHA1
fb78a545d1674271bac5a44cefbd6782a46a3941
-
SHA256
85e49bfd4b1b99d1dd84d9aa6d312358c842b792a9c479dd0669e5dbd2e6a7d8
-
SHA512
e8dd75ef1c7f47b38318e00549501d6cf7b7fb72900f4a45c84cc943a584b2fded8cf879cfa93a028daa5cb5c6a43b3b1b7c32140860aada1a559baf02104487
-
SSDEEP
12288:9Bzz1dUnRXbRzrSEKQXzf7TvUK/FhWKhRFwnXTl:Tz1dUnVRz7XzfvUK/FkhD
Malware Config
Targets
-
-
Target
6a03ce9c474543fa16857b755e5e9f49_JaffaCakes118
-
Size
633KB
-
MD5
6a03ce9c474543fa16857b755e5e9f49
-
SHA1
fb78a545d1674271bac5a44cefbd6782a46a3941
-
SHA256
85e49bfd4b1b99d1dd84d9aa6d312358c842b792a9c479dd0669e5dbd2e6a7d8
-
SHA512
e8dd75ef1c7f47b38318e00549501d6cf7b7fb72900f4a45c84cc943a584b2fded8cf879cfa93a028daa5cb5c6a43b3b1b7c32140860aada1a559baf02104487
-
SSDEEP
12288:9Bzz1dUnRXbRzrSEKQXzf7TvUK/FhWKhRFwnXTl:Tz1dUnVRz7XzfvUK/FkhD
Score7/10-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses 2FA software files, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Uses Tor communications
Malware can proxy its traffic through Tor for more anonymity.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-