General
-
Target
6f38bcb2633aa6ab14d6bccd4d0ef41f_JaffaCakes118
-
Size
272KB
-
Sample
240524-vmcamadc47
-
MD5
6f38bcb2633aa6ab14d6bccd4d0ef41f
-
SHA1
9e258a20aa8834bda7c3c568c8e4c81e4bb6509f
-
SHA256
9a6764cf5d070c5651340125d90dbda11e09f62aa128f6571a36664ae91be9f1
-
SHA512
22aaced85caf885eeac9b715b961341fa24fab08646af87e0eb6e7aad5587266812ae7902c7e17e7fc9c60225a3d9744a32016fbc26225819dcff4f8337798b9
-
SSDEEP
6144:0IxLFmmc3lrVCHZFY3ORLoGBaIcLzRkqtIe4kmNl+rU3qTvLtPtzk:Vx5mmc3lrVCHTY+tJcLzObeSljqnT
Malware Config
Targets
-
-
Target
6f38bcb2633aa6ab14d6bccd4d0ef41f_JaffaCakes118
-
Size
272KB
-
MD5
6f38bcb2633aa6ab14d6bccd4d0ef41f
-
SHA1
9e258a20aa8834bda7c3c568c8e4c81e4bb6509f
-
SHA256
9a6764cf5d070c5651340125d90dbda11e09f62aa128f6571a36664ae91be9f1
-
SHA512
22aaced85caf885eeac9b715b961341fa24fab08646af87e0eb6e7aad5587266812ae7902c7e17e7fc9c60225a3d9744a32016fbc26225819dcff4f8337798b9
-
SSDEEP
6144:0IxLFmmc3lrVCHZFY3ORLoGBaIcLzRkqtIe4kmNl+rU3qTvLtPtzk:Vx5mmc3lrVCHTY+tJcLzObeSljqnT
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-