General

  • Target

    1455a7bd385e289622358358c60397e7_JaffaCakes118

  • Size

    7.2MB

  • Sample

    240627-csmz7szhpj

  • MD5

    1455a7bd385e289622358358c60397e7

  • SHA1

    bb5c788de4fbe487aba13f2e039054404c610fd1

  • SHA256

    176542452494ccf7d053e3f5c06d1b22e5cff94343fde82e4173c300d7cab9d2

  • SHA512

    4b3a3e90e66640976cb758e5bc59f21755660354d31b1c2b55e6254d0ccd0838238f17784321a8c1862065ccf83cf7cd35af20f51c9a9709f38a095eabe9c18c

  • SSDEEP

    196608:2mRlMnn9onJ5hrZERrktPOKjnofiobjTjJ4t:xgn9c5hlERuPOZJ94

Malware Config

Targets

    • Score

      7/10

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive account information.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15