General

  • Target

    b5e2d1b9369223d47b30b95802c80fa4_JaffaCakes118

  • Size

    4.1MB

  • Sample

    240617-ac5tzayfrm

  • MD5

    b5e2d1b9369223d47b30b95802c80fa4

  • SHA1

    f4b46296db343e9b47b3bc25cb4e765cabc59800

  • SHA256

    ce3ffa8aafe576656f8b69cbc11b033eb310f3f38d3e573a3d3d99b7665fbe23

  • SHA512

    85504ca38f1afcbaf3a897f3cb48b73f5923deff7c93f38da0763c29d9dffbb5a700fe43fe1ff93a4022b74b92721b411cad650662a4838e3fe9e43680ef6d79

  • SSDEEP

    98304:efw2E8Kp2K+HLsOga4bHUvL5QV/teIg9tQe:efTfKcmHUvaV0Ig9b

Malware Config

Targets

    • Target

      b5e2d1b9369223d47b30b95802c80fa4_JaffaCakes118

    • Size

      4.1MB

    • MD5

      b5e2d1b9369223d47b30b95802c80fa4

    • SHA1

      f4b46296db343e9b47b3bc25cb4e765cabc59800

    • SHA256

      ce3ffa8aafe576656f8b69cbc11b033eb310f3f38d3e573a3d3d99b7665fbe23

    • SHA512

      85504ca38f1afcbaf3a897f3cb48b73f5923deff7c93f38da0763c29d9dffbb5a700fe43fe1ff93a4022b74b92721b411cad650662a4838e3fe9e43680ef6d79

    • SSDEEP

      98304:efw2E8Kp2K+HLsOga4bHUvL5QV/teIg9tQe:efTfKcmHUvaV0Ig9b

    • Detect Fabookie payload

    • Fabookie

      Fabookie is facebook account info stealer.

    • Nirsoft

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks