General

  • Target

    10e6de7bec3d7c66b13f5227b8729793_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240626-gb9vvs1bmj

  • MD5

    10e6de7bec3d7c66b13f5227b8729793

  • SHA1

    cd653846a66b3cf4587fe2c605d883db2ace6586

  • SHA256

    0a69b33acbc21fd40e2975d9b2b321898062198fbccfd38d6ef8b0b5c2a9c1d2

  • SHA512

    1b672b0bd338f111bc69814316cc30d4f5289811f26eebf0369ed5c7c06359bbb4b74fd34dc2dcedb9393324fb514c001b6564fcfb4b33dbbd4a790eee9caf31

  • SSDEEP

    24576:bNBIlk9QFtfRWYozUwK4LHYFiOobc7ixddZ:kKeFxQYHUYbMcefZ

Malware Config

Targets

    • Target

      10e6de7bec3d7c66b13f5227b8729793_JaffaCakes118

    • Size

      1.1MB

    • MD5

      10e6de7bec3d7c66b13f5227b8729793

    • SHA1

      cd653846a66b3cf4587fe2c605d883db2ace6586

    • SHA256

      0a69b33acbc21fd40e2975d9b2b321898062198fbccfd38d6ef8b0b5c2a9c1d2

    • SHA512

      1b672b0bd338f111bc69814316cc30d4f5289811f26eebf0369ed5c7c06359bbb4b74fd34dc2dcedb9393324fb514c001b6564fcfb4b33dbbd4a790eee9caf31

    • SSDEEP

      24576:bNBIlk9QFtfRWYozUwK4LHYFiOobc7ixddZ:kKeFxQYHUYbMcefZ

    • Detects Echelon Stealer payload

    • Echelon

      Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks