General

  • Target

    bc0b5a982af034d2b6d5992e0af86a71_JaffaCakes118

  • Size

    373KB

  • Sample

    240618-p5pe1sthpc

  • MD5

    bc0b5a982af034d2b6d5992e0af86a71

  • SHA1

    719b9930f141a56b38fb1d1d777581ed22f0f128

  • SHA256

    1fad493e5bec3273b266272bdc673488f31282867da9b5a9d98c9d1f563a8e99

  • SHA512

    99a63e1b2c307795ef4b8c4e23f64cdd0b33be8e59694b98c0f55e608616d2e50e591f11af90bcf3378838484a20694aa552cf22aeebb3ee2fd876cea5239f2b

  • SSDEEP

    6144:qqt9UsmIfTCTY1izHdALgR1aFLx4EM5HwKtayP8mGduwkL0Tzao9s:FGsmof86LIYFLWHwKAyPWuwc0vi

Targets

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar sensitive data.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15