General

  • Target

    0460e456ec3be3138dd98536115b8912_JaffaCakes118

  • Size

    815KB

  • Sample

    240622-3ftv4atdqm

  • MD5

    0460e456ec3be3138dd98536115b8912

  • SHA1

    a67b3460bfe84f5976c760eac7430ef20ca6f154

  • SHA256

    9c1538ceabd214d207f42dad601fe951921db09cda4487f3cdb53de68ed0e100

  • SHA512

    343b3c8fac5f770bdc54ec227dd75b0b1b97fe8659add67f650ef45042ddd705e0f22c90801c8b24bc3d2c6d752cc48f3c838d73a226e75362a674007b6db284

  • SSDEEP

    12288:L/XHrKkxV/K7iPdDyK5Z52da+XV7HHMPp9c6uIf6bj0Byc8ooCothg4:L/XrKko7OdDyKKdJnMxC/bjuh8lg

Malware Config

Targets

    • Target

      0460e456ec3be3138dd98536115b8912_JaffaCakes118

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key under HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{GUID} on the local machine; the command in that key's StubPath value is executed once for each user at their next logon (ATT&CK T1547.014).

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, autofill entries and browsing history kept in the user's profile directory.

    • Adds Run key to start application

      Persistence via a value under HKCU or HKLM Software\Microsoft\Windows\CurrentVersion\Run, which Windows executes at user logon (ATT&CK T1547.001).

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits overwrite the bootstrap code in the MBR (the first sector of the disk, reachable for raw writes through \\.\PhysicalDrive0) to gain persistence at a level below the operating system (ATT&CK T1542.003).
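The three persistence signatures above (Active Setup StubPath, Run key, MBR write) can be verified offline on a suspect host or disk image. The Python below is an added example written for this page, not code from the sandbox vendor or from the sample: it parses a `reg export` dump of the relevant keys and flags autostart images that live outside the Windows and Program Files directories, and it hashes the bootstrap-code area of a raw 512-byte MBR against a known-good value. The registry export, GUIDs, user names, paths and MBR bytes are constructed test data, and `TRUSTED_PREFIXES`, `suspicious_autostarts`, `parse_mbr` and `mbr_bootcode_changed` are names chosen for this example.

```python
# Added example: offline verification of the persistence signatures a sandbox reports
# (Active Setup StubPath, Run-key values, rewritten MBR). Not code from the sandbox
# vendor or the sample; all data below is constructed.
import hashlib
import re
import struct

# Constructed stand-in for `reg export` output from a suspect host (made-up GUIDs/paths).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{ABCDEF01-2345-6789-ABCD-EF0123456789}]
"StubPath"="C:\\Users\\Public\\update.exe /s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{11111111-2222-3333-4444-555555555555}]
"StubPath"="C:\\Windows\\System32\\example.exe /install"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"svhost"="C:\\Users\\victim\\AppData\\Roaming\\svhost.exe"
'''

VALUE_LINE = re.compile(r'(?:"((?:[^"\\]|\\.)*)"|@)=(.*)')
ACTIVE_SETUP = '\\software\\microsoft\\active setup\\installed components\\'
RUN_KEYS = ('\\software\\microsoft\\windows\\currentversion\\run',
            '\\software\\microsoft\\windows\\currentversion\\runonce')
TRUSTED_PREFIXES = ('c:\\windows\\', 'c:\\program files\\', 'c:\\program files (x86)\\')

def parse_reg(text):
    """Parse a .reg export into {key_path: {value_name: data}}; REG_SZ strings are unescaped."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            current = line[1:-1]
            keys[current] = {}
            continue
        m = VALUE_LINE.match(line)
        if current is None or not m:
            continue
        name, data = m.group(1) or '@', m.group(2)
        if len(data) >= 2 and data[0] == data[-1] == '"':
            data = re.sub(r'\\(.)', r'\1', data[1:-1])  # undo .reg backslash escaping
        keys[current][name] = data
    return keys

def command_image(cmd):
    """Return the executable path from a command line, quoted or not."""
    cmd = cmd.strip()
    return cmd[1:cmd.find('"', 1)] if cmd.startswith('"') else cmd.split(' ', 1)[0]

def suspicious_autostarts(reg_text):
    """Flag Active Setup StubPath and Run/RunOnce values whose image is outside
    Windows or Program Files. Returns a list of (technique, key, value_name, image)."""
    findings = []
    for key, values in parse_reg(reg_text).items():
        k = key.lower()  # registry paths and value names are case-insensitive
        if ACTIVE_SETUP in k:  # StubPath runs once per user at next logon
            technique, items = 'Active Setup', [(n, v) for n, v in values.items() if n.lower() == 'stubpath']
        elif k.endswith(RUN_KEYS):
            technique, items = 'Run key', list(values.items())
        else:
            continue
        for name, cmd in items:
            image = command_image(cmd)
            if not image.lower().startswith(TRUSTED_PREFIXES):
                findings.append((technique, key, name, image))
    return findings

# MBR layout: 440 bytes bootstrap code, 4-byte disk signature, 2 reserved bytes, four
# 16-byte partition entries at 0x1BE, and the 0x55AA boot signature at 0x1FE.
MBR_SIZE, BOOTCODE_LEN, PART_TABLE_OFF, BOOT_SIG_OFF = 512, 440, 0x1BE, 0x1FE

def parse_mbr(sector):
    """Return (sha256 of bootstrap code, boot signature ok, used partition entries)."""
    if len(sector) != MBR_SIZE:
        raise ValueError('MBR must be exactly 512 bytes')
    partitions = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from('<B3xB3xII', sector, PART_TABLE_OFF + 16 * i)
        if ptype:  # type 0 marks an unused entry
            partitions.append({'bootable': status == 0x80, 'type': ptype, 'lba_start': lba_start, 'sectors': sectors})
    return hashlib.sha256(sector[:BOOTCODE_LEN]).hexdigest(), sector[BOOT_SIG_OFF:] == b'\x55\xaa', partitions

def mbr_bootcode_changed(sector, baseline_sha256):
    """A bootkit rewrites the bootstrap code and usually leaves the partition table
    intact, so compare the code area against a hash taken from a clean image."""
    return parse_mbr(sector)[0] != baseline_sha256

def make_mbr(bootcode):
    """Build a constructed 512-byte MBR with one active NTFS partition (test data)."""
    sector = bytearray(MBR_SIZE)
    sector[:len(bootcode)] = bootcode
    sector[PART_TABLE_OFF:PART_TABLE_OFF + 16] = struct.pack('<B3xB3xII', 0x80, 0x07, 2048, 0x100000)
    sector[BOOT_SIG_OFF:] = b'\x55\xaa'
    return bytes(sector)

CLEAN_MBR = make_mbr(b'\x33\xc0\x8e\xd0\xbc\x00\x7c')  # constructed stand-in for stock boot code
INFECTED_MBR = make_mbr(b'\xeb\xfe' + b'\x90' * 5)     # constructed: bootstrap code replaced
BASELINE_SHA256 = parse_mbr(CLEAN_MBR)[0]              # recorded from the clean image
```

In practice the input comes from `reg export` of the Active Setup and Run keys (HKLM, HKCU and Wow6432Node variants) and from the first 512 bytes of \\.\PhysicalDrive0 read as Administrator or from a disk image; the baseline hash must come from a clean copy of the same machine, because stock boot code differs between Windows versions. The trusted-path heuristic is a triage filter, not a verdict: a payload dropped into a Windows directory passes it, so review every StubPath and Run value by hand once the obvious hits are confirmed.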

MITRE ATT&CK Enterprise v15

Tasks