General

  • Target

    a84bcbbfddc66f6cdbfee2ed6423b521_JaffaCakes118

  • Size

    1.5MB

  • Sample

    240614-g228pssaql

  • MD5

    a84bcbbfddc66f6cdbfee2ed6423b521

  • SHA1

    f96165dcd8f5bbb8533e2a83aa87ffe303035bf1

  • SHA256

    3072d27680eb4ba724f426d47e5e6c8af5195ae1b7f2e23d9c9c65e7d8dec386

  • SHA512

    3f54d5783427dad72d1e78a1d243879265fe3cb54399876f58080d68c919ea728df85d0ab75d2e99beeb32bf3b60b2d8d1a96528f111af1d2e7e8c0f244a190a

  • SSDEEP

    24576:IUv2x/tsi8u/KljQdL9Z5PP0VEOH2JA59WFmKM4DKjS9jLYOxR4ITOF6cjHkW:b8rYyzIwgwkS9vzxqITc6OL

Targets

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
