General
-
Target
33e375ad39187198b6ccc8e1d48ca4b1_JaffaCakes118
-
Size
181KB
-
Sample
240710-jvn4lswbrq
-
MD5
33e375ad39187198b6ccc8e1d48ca4b1
-
SHA1
817e59d3c67472464a2e8936f4f38cc4d63f68e9
-
SHA256
674032a99ef792bc548ba7ee4f13ceebea9c82b7eead21c874627340cdf2fec0
-
SHA512
bf37f68fffdc09f5af9248bbdac0a78491b9797924f495da94d81899a6852ca0704261a9ab2861d2c0ab8cf7dd3d7fb676ba4ad047b4b8384d702729da98faac
-
SSDEEP
3072:aH2bFJIhtrAi3yixSwm/ePWBlisSHy1GFrZrPxeS2a/gcslKNFxZmt90wFKTxRcc:aHUfIhtrxSwAePWBVoZrozaImxZ9FTxR
Static task
static1
Behavioral task
behavioral1
Sample
33e375ad39187198b6ccc8e1d48ca4b1_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
33e375ad39187198b6ccc8e1d48ca4b1_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
Target
33e375ad39187198b6ccc8e1d48ca4b1_JaffaCakes118
-
Score
7/10
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-