General

  • Target

    7f51d03ebd2387b5b1549be249c52328_JaffaCakes118

  • Size

    11.0MB

  • Sample

    240529-dq5b5sgd21

  • MD5

    7f51d03ebd2387b5b1549be249c52328

  • SHA1

    87623d4796fda5a739444c2b4e8fdb2ed65396e1

  • SHA256

    abedb8a9a237e4cbecf61e12641a600a8b5953d72b061376e96c515b319707df

  • SHA512

    358af2cb13a3a9ff72127e163db7baede4346300f01cc9f51b0abdcb6a5348b91966b31d6615b1aa3757f655353e0faac55d3f92751592c9816b12afc552c578

  • SSDEEP

    196608:YSkLwS2AJ9onJ5hrZER2M+ENFJzFcguY48RmU/3ZlsPvznbWD5DT8TbM58CGsHtX:YpJ9c5hlER2MRFJzFcguYtN3ZWDKibMz

Malware Config

Targets

    Score
    7/10
    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks