General
Target: 3fddbfe0ca6f6142b2e60577ad7ce62f_JaffaCakes118
Size: 1.5MB
Sample: 240713-c5ymgasbpl
MD5: 3fddbfe0ca6f6142b2e60577ad7ce62f
SHA1: 9e81d2411b03ceb79b14f91e6511dd40397bdaec
SHA256: 8f6a3ff1ec23f5cfb7af48b0a6943dd5ddd33e25a9d66eff6e2d7eff2e295e14
SHA512: 688c42786cded8c4ba85b627f827d0f82ed9a516afbcececd8de035576324a15146ae97b6e504c9bc4225c3fce9718329f4fd4c283e27ae019a6d864d460d0c8
SSDEEP: 3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1
Static task: static1
Behavioral task: behavioral1
Sample: 3fddbfe0ca6f6142b2e60577ad7ce62f_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 3fddbfe0ca6f6142b2e60577ad7ce62f_JaffaCakes118.exe
Resource: win10v2004-20240709-en
Malware Config
Targets
Target
3fddbfe0ca6f6142b2e60577ad7ce62f_JaffaCakes118
Score: 10/10
Suspicious use of NtCreateUserProcessOtherParentProcess
Adds policy Run key to start application
Event Triggered Execution: Image File Execution Options Injection
Drops startup file
Executes dropped EXE
Impair Defenses: Safe Mode Boot
Loads dropped DLL
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Event Triggered Execution (1)
Image File Execution Options Injection (1)