General
-
Target
6da9dcda10b9142eba7385a531a0e390_JaffaCakes118
-
Size
280KB
-
Sample
240524-hprf4sha8v
-
MD5
6da9dcda10b9142eba7385a531a0e390
-
SHA1
4115f6ca5c4dc84acc76c40a37fb4067dc41963b
-
SHA256
1ff96a090a1a1d31dd8e13e59520c4ac5b323e0db7e7993e3b69349e3497afc3
-
SHA512
b63721623bda397b4c9685aedbc32b77f3052d7e61c5f4a9b8c790cb1edf2cf76f4640a29f4801748d66d2718f05a89dde86c33d3fb604ddd061b70640a16f38
-
SSDEEP
3072:F3uqtizlHWbPVt1aVfHfSBrEFUPnr6rHaS9y1TOhJeY4/IWW2EXVgwyvPDmsc01j:F3uD8doHqBrEFwr6bao+welXWgwGi7M
Malware Config
Targets
-
-
Target
6da9dcda10b9142eba7385a531a0e390_JaffaCakes118
-
Size
280KB
-
MD5
6da9dcda10b9142eba7385a531a0e390
-
SHA1
4115f6ca5c4dc84acc76c40a37fb4067dc41963b
-
SHA256
1ff96a090a1a1d31dd8e13e59520c4ac5b323e0db7e7993e3b69349e3497afc3
-
SHA512
b63721623bda397b4c9685aedbc32b77f3052d7e61c5f4a9b8c790cb1edf2cf76f4640a29f4801748d66d2718f05a89dde86c33d3fb604ddd061b70640a16f38
-
SSDEEP
3072:F3uqtizlHWbPVt1aVfHfSBrEFUPnr6rHaS9y1TOhJeY4/IWW2EXVgwyvPDmsc01j:F3uD8doHqBrEFwr6bao+welXWgwGi7M
Score7/10-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-