General

  • Target

    a2cfa61a44230f81354efe9aa903fc80_JaffaCakes118

  • Size

    195KB

  • Sample

    240612-2w5f4axgkj

  • MD5

    a2cfa61a44230f81354efe9aa903fc80

  • SHA1

    f77a12cc89754c310e0e50cf6bb7be04f0e1ef78

  • SHA256

    1819930f82f6f62e20fc9354adf15972cacc722bfd00c8ed504d93cc244abc9e

  • SHA512

    1da2c901ca8425da7efef2eab51e1f251d442b05a3d452e7dbe5caa9677f7711e56808a2c6f988c69e52c58cfc79e2692be9913f397600f18a51655bf5373baf

  • SSDEEP

    3072:AMLTvZGQpv5CZ8L9xCk9sDouyd4v7DrMffOloB5+kE0ASxTj4pYFbhfet69Hlz:dLTRGS3xCYWjMffOloB5ia4WH

Malware Config

Targets

    • Target

      a2cfa61a44230f81354efe9aa903fc80_JaffaCakes118

    • Size

      195KB

    • MD5

      a2cfa61a44230f81354efe9aa903fc80

    • SHA1

      f77a12cc89754c310e0e50cf6bb7be04f0e1ef78

    • SHA256

      1819930f82f6f62e20fc9354adf15972cacc722bfd00c8ed504d93cc244abc9e

    • SHA512

      1da2c901ca8425da7efef2eab51e1f251d442b05a3d452e7dbe5caa9677f7711e56808a2c6f988c69e52c58cfc79e2692be9913f397600f18a51655bf5373baf

    • SSDEEP

      3072:AMLTvZGQpv5CZ8L9xCk9sDouyd4v7DrMffOloB5+kE0ASxTj4pYFbhfet69Hlz:dLTRGS3xCYWjMffOloB5ia4WH

    • Deletes itself

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications on other operating systems, and it is sometimes used as a sandboxing environment; checking for the registry keys Wine creates lets a sample detect that it is being analysed and change its behaviour.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Adds Run key to start application
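
The signature list above is the sandbox's verdict on the sample's behaviour. As an added example (not the sandbox's own code, and not the sample's), the script below re-derives each of those signatures from a constructed, simplified API-call trace, so the logic behind each name is visible. Everything in it is an assumption for illustration: the trace format (a list of `{"api", "args"}` dicts), the Temp path, and the dropped-file names are made up; the registry keys are the conventional ones for each behaviour (`HKCU`/`HKLM\Software\Wine` for the Wine check, `...\CurrentVersion\Run` for persistence).

```python
"""Added example: re-derive the report's behavioural signatures from a constructed API trace.

Assumptions (not from the report): the trace format, the Temp path and the
dropped-file names are invented for this example. The registry keys are the
conventional locations for each behaviour.
"""
import re
from typing import Iterable

# Wine creates its own key under Software\Wine; a sample that opens it is probing for Wine.
WINE_KEY = re.compile(r"^HK(?:CU|LM|EY_CURRENT_USER|EY_LOCAL_MACHINE)\\Software\\Wine(?:\\|$)", re.I)
# Writing a value under the Run/RunOnce keys starts the named program at logon.
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?$", re.I)
# Typical locations of Chromium and Firefox profile data (credentials, cookies, history).
BROWSER_PROFILE = re.compile(r"\\Google\\Chrome\\User Data\\|\\Mozilla\\Firefox\\Profiles\\", re.I)


def _exe_from_cmdline(cmdline: str) -> str:
    """Return the executable path at the start of a command line, honouring quotes."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        end = cmdline.find('"', 1)
        return cmdline[1:end] if end > 0 else cmdline[1:]
    return cmdline.split(" ", 1)[0]


def analyze(trace: Iterable[dict], image_path: str) -> list:
    """Return the signature names (in the report's wording) that the trace triggers, sorted."""
    image = image_path.lower()
    written = set()  # paths this process opened for writing, i.e. files it "dropped"
    hits = set()
    for ev in trace:
        api, args = ev["api"], ev["args"]
        if api.startswith(("RegOpenKeyEx", "RegQueryValueEx")) and WINE_KEY.search(args["key"]):
            hits.add("Identifies Wine through registry keys")
        elif api.startswith("RegSetValueEx") and RUN_KEY.search(args["key"]):
            hits.add("Adds Run key to start application")
        elif api == "CreateFileW":
            path = args["path"].lower()
            if "write" in args["access"]:
                written.add(path)
            elif BROWSER_PROFILE.search(path):
                hits.add("Reads user/profile data of web browsers")
        elif api == "LoadLibraryW" and args["path"].lower() in written:
            hits.add("Loads dropped DLL")
        elif api == "DeleteFileW" and args["path"].lower() == image:
            hits.add("Deletes itself")
        elif api == "CreateProcessW":
            cmdline = args["cmdline"]
            if _exe_from_cmdline(cmdline).lower() in written:
                hits.add("Executes dropped EXE")
            # A running image cannot unlink itself on Windows, so self-deletion is usually
            # delegated to a child cmd.exe or batch file that deletes the original path.
            if image in cmdline.lower() and re.search(r"\bdel\b", cmdline, re.I):
                hits.add("Deletes itself")
    return sorted(hits)


# Constructed trace for this example; the path and the dropped-file names are placeholders.
SAMPLE_IMAGE = r"C:\Users\Admin\AppData\Local\Temp\a2cfa61a44230f81354efe9aa903fc80_JaffaCakes118.exe"
SAMPLE_TRACE = [
    {"api": "RegOpenKeyExW", "args": {"key": r"HKCU\Software\Wine"}},
    {"api": "CreateFileW", "args": {"path": r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data",
                                    "access": "read"}},
    {"api": "CreateFileW", "args": {"path": r"C:\Users\Admin\AppData\Roaming\dropped_payload.exe", "access": "write"}},
    {"api": "CreateFileW", "args": {"path": r"C:\Users\Admin\AppData\Roaming\dropped_helper.dll", "access": "write"}},
    {"api": "LoadLibraryW", "args": {"path": r"C:\Users\Admin\AppData\Roaming\dropped_helper.dll"}},
    {"api": "RegSetValueExW", "args": {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
                                       "name": "payload",
                                       "data": r"C:\Users\Admin\AppData\Roaming\dropped_payload.exe"}},
    {"api": "CreateProcessW", "args": {"cmdline": r'"C:\Users\Admin\AppData\Roaming\dropped_payload.exe"'}},
    {"api": "CreateProcessW", "args": {"cmdline": 'cmd.exe /c del "' + SAMPLE_IMAGE + '"'}},
]

if __name__ == "__main__":
    for name in analyze(SAMPLE_TRACE, SAMPLE_IMAGE):
        print(name)
```

Running it prints the six signature names from the list above. The point of tracking `written` is that "dropped" is a relation, not a property of a path: a file only counts as dropped once this process has written it, which is what makes `Executes dropped EXE` and `Loads dropped DLL` distinct from ordinary process creation and DLL loading. The self-deletion branch matters for detection engineering generally: a `DeleteFileW` on the sample's own path almost never appears, so a rule that looks only for it will miss the `cmd.exe /c del` pattern.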

MITRE ATT&CK Enterprise v15

Tasks