General
-
Target
29da3193f405917f3fb56e29d06d54f2_JaffaCakes118
-
Size
524KB
-
Sample
240707-j8lweaxfmp
-
MD5
29da3193f405917f3fb56e29d06d54f2
-
SHA1
ba7a2b6f38fae9cca9bc82bc6f4fd338bedab498
-
SHA256
3b03bab71b915647b7c7f414bbfc71d82b21e4c97c89d31220bc9e038c31a595
-
SHA512
8abe7c44436dbb4c97178c7d4d658a0897ff36f38e5e6ee7fed6b9d2d1aa212680cb94db5cc4a0714f428cd62dd87fade34c69ff16c38543d5841e57be7530e7
-
SSDEEP
12288:J3QP9kH2bQ/EAkvvrv34V+2P5ZZ9KYnq:RFHPsAUj4YibZ9KY
Malware Config
Targets
-
-
Target
29da3193f405917f3fb56e29d06d54f2_JaffaCakes118
-
Size
524KB
-
MD5
29da3193f405917f3fb56e29d06d54f2
-
SHA1
ba7a2b6f38fae9cca9bc82bc6f4fd338bedab498
-
SHA256
3b03bab71b915647b7c7f414bbfc71d82b21e4c97c89d31220bc9e038c31a595
-
SHA512
8abe7c44436dbb4c97178c7d4d658a0897ff36f38e5e6ee7fed6b9d2d1aa212680cb94db5cc4a0714f428cd62dd87fade34c69ff16c38543d5841e57be7530e7
-
SSDEEP
12288:J3QP9kH2bQ/EAkvvrv34V+2P5ZZ9KYnq:RFHPsAUj4YibZ9KY
Score7/10-
Deletes itself
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-