General
-
Target
90c1ca96660786fb2a12b5b07d4c8fd9_JaffaCakes118
-
Size
3.6MB
-
Sample
240603-gp2reafb69
-
MD5
90c1ca96660786fb2a12b5b07d4c8fd9
-
SHA1
e692ce97978666380886bb089358238100be84bb
-
SHA256
3d966ba83a832ae1c76ff14716925e6895777001064d42404fb86494571309ce
-
SHA512
84d3fdc8b8d3385bf3b271c44d3d97c262f5157ea9cdafd6803b5060040d32b3d0c8ab2868ca83161035813e55061cc13c598fc18ae831088a7ace23abaf86c8
-
SSDEEP
98304:lAfX4VspnQIzlUicRp7bWNrgTFZKVVjvvvisLf2IQzRRs:lAIRollcfbWNrkZKHt5Q9a
Malware Config
Targets
-
-
Target
90c1ca96660786fb2a12b5b07d4c8fd9_JaffaCakes118
-
Size
3.6MB
-
MD5
90c1ca96660786fb2a12b5b07d4c8fd9
-
SHA1
e692ce97978666380886bb089358238100be84bb
-
SHA256
3d966ba83a832ae1c76ff14716925e6895777001064d42404fb86494571309ce
-
SHA512
84d3fdc8b8d3385bf3b271c44d3d97c262f5157ea9cdafd6803b5060040d32b3d0c8ab2868ca83161035813e55061cc13c598fc18ae831088a7ace23abaf86c8
-
SSDEEP
98304:lAfX4VspnQIzlUicRp7bWNrgTFZKVVjvvvisLf2IQzRRs:lAIRollcfbWNrkZKHt5Q9a
Score8/10-
Drops file in Drivers directory
-
Sets DLL path for service in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Defense Evasion
Modify Registry
3Subvert Trust Controls
1Install Root Certificate
1