General
-
Target
6a0dcc380e6d2f187f772481b8d32774_JaffaCakes118
-
Size
280KB
-
Sample
240523-hcypnage4z
-
MD5
6a0dcc380e6d2f187f772481b8d32774
-
SHA1
09e487475f6e6a593bdcdb40c91fcde94092bc75
-
SHA256
2960a3b291b4ec0f9f8b9f29766f3834ba8f99d277af473c9d1b132996ebd5c1
-
SHA512
55368b31cbb480561a4ab907b238b564baf6a3d5c14015a25f75cceda77bab863257f2a271b3826be717bd63f23ff1a51bc5dde61ac854c313941a3563ad1c33
-
SSDEEP
6144:yTvVQ0O8q6In/YGKulQ+asFNtQI6hIYE:yTvqV8a/eulfasShDE
Malware Config
Targets
-
-
Target
6a0dcc380e6d2f187f772481b8d32774_JaffaCakes118
-
Size
280KB
-
MD5
6a0dcc380e6d2f187f772481b8d32774
-
SHA1
09e487475f6e6a593bdcdb40c91fcde94092bc75
-
SHA256
2960a3b291b4ec0f9f8b9f29766f3834ba8f99d277af473c9d1b132996ebd5c1
-
SHA512
55368b31cbb480561a4ab907b238b564baf6a3d5c14015a25f75cceda77bab863257f2a271b3826be717bd63f23ff1a51bc5dde61ac854c313941a3563ad1c33
-
SSDEEP
6144:yTvVQ0O8q6In/YGKulQ+asFNtQI6hIYE:yTvqV8a/eulfasShDE
Score7/10-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-