General
-
Target
411c85c420b3da7e345e21c6eabde316_JaffaCakes118
-
Size
35KB
-
Sample
240713-lez72svgnl
-
MD5
411c85c420b3da7e345e21c6eabde316
-
SHA1
50e6976d7e1fecc6c0d1550f2bed0c1e3583320e
-
SHA256
02cf3267123654a4c45d0cc114a70e6ac5353527f19fdf22328305dde4f8e1eb
-
SHA512
81c8e45c0bc4b0f29268aec40723a4e5ab3d43ef93306757248108235a8f30906bec92ccf8d784cc68635f54a26e45f2fa7cde5dc3251a7a2f9433ae81b873dc
-
SSDEEP
768:DrGU+uCpCM+EYdfpAtMw74BX1Oe7mSCE7s6b:F+Fft41I4J1OeaAJb
Static task
static1
Behavioral task
behavioral1
Sample
411c85c420b3da7e345e21c6eabde316_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
411c85c420b3da7e345e21c6eabde316_JaffaCakes118.exe
Resource
win10v2004-20240704-en
Malware Config
Targets
-
Target
411c85c420b3da7e345e21c6eabde316_JaffaCakes118
Score 8/10
-
Event Triggered Execution: Image File Execution Options Injection
-
Checks computer location settings
Reads the country code configured in the registry, most likely to geofence execution to or away from particular regions.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive, typically to locate removable or secondary volumes.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
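The two persistence signatures above (Run key added, Image File Execution Options injection) both show up on a host as registry value writes, which Sysmon records as Event ID 13 (RegistryEvent, value set). The following triage script is an added example and is not part of the sandbox report or of the sample's behaviour: it runs a few pattern rules over constructed Sysmon-style records (the image paths, value names and hijacked executable below are hypothetical) and tags each hit with the ATT&CK technique it maps to. It also shows the SilentProcessExit variant of IFEO abuse, which the report does not mention but which the same rule family should cover.

```python
"""Flag Run-key and IFEO persistence from Sysmon-style registry events.

Added example for this report; the events are constructed to resemble
Sysmon Event ID 13 fields (Image, TargetObject, Details) and are not
taken from the sandbox run.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

REGISTRY_VALUE_SET = 13  # Sysmon EventID for "RegistryEvent (Value Set)"

# HKLM/HKU ... \Software\Microsoft\Windows\CurrentVersion\Run[Once]\<value>
RUN_KEY_RE = re.compile(
    r"\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\"
    r"Run(?:Once)?\\(?P<name>[^\\]+)$",
    re.IGNORECASE,
)
# ... \Image File Execution Options\<exe>\Debugger  (launch redirection)
# ... \Image File Execution Options\<exe>\GlobalFlag (0x200 arms SilentProcessExit)
IFEO_RE = re.compile(
    r"\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows NT\\CurrentVersion\\"
    r"Image File Execution Options\\(?P<exe>[^\\]+)\\(?P<value>Debugger|GlobalFlag)$",
    re.IGNORECASE,
)
# ... \SilentProcessExit\<exe>\MonitorProcess runs when <exe> exits
SILENT_EXIT_RE = re.compile(
    r"\\Software\\Microsoft\\Windows NT\\CurrentVersion\\SilentProcessExit\\"
    r"(?P<exe>[^\\]+)\\(?P<value>MonitorProcess|ReportingMode)$",
    re.IGNORECASE,
)


@dataclass
class Finding:
    technique: str  # ATT&CK technique the write maps to
    image: str      # process that performed the write
    target: str     # registry value that was written
    details: str    # data written into the value


def classify(event: dict) -> Optional[Finding]:
    """Return a Finding for a persistence-relevant value write, else None."""
    if event.get("EventID") != REGISTRY_VALUE_SET:
        return None  # key creation, deletion or rename carry no payload to judge
    target = event.get("TargetObject", "")
    image = event.get("Image", "")
    details = event.get("Details", "")
    if RUN_KEY_RE.search(target):
        return Finding("T1547.001 Registry Run Keys / Startup Folder", image, target, details)
    if IFEO_RE.search(target) or SILENT_EXIT_RE.search(target):
        return Finding("T1546.012 Image File Execution Options Injection", image, target, details)
    return None


def triage(events: Iterable[dict]) -> List[Finding]:
    """Run classify() over a stream of events and keep the hits, in order."""
    return [f for f in (classify(e) for e in events) if f is not None]


# Constructed sample events (hypothetical paths and names, not from the report).
SAMPLE_EVENTS = [
    # A dropped binary registers itself under the per-user Run key.
    {"EventID": 13, "EventType": "SetValue",
     "Image": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
     "TargetObject": r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\user\AppData\Local\Temp\dropped.exe"},
    # A Debugger value makes every launch of notepad.exe start the dropper instead.
    {"EventID": 13, "EventType": "SetValue",
     "Image": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe\Debugger",
     "Details": r"C:\Users\user\AppData\Local\Temp\dropped.exe"},
    # Unrelated Explorer view setting: must not be flagged.
    {"EventID": 13, "EventType": "SetValue",
     "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
    # Key creation (Event 12) with no value set yet: not a persistence write on its own.
    {"EventID": 12, "EventType": "CreateKey",
     "Image": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe"},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"{f.technique}\n  by   {f.image}\n  set  {f.target}\n  to   {f.details}")
```

The rules deliberately match any write to these locations rather than only writes by unsigned binaries: legitimate installers touch Run keys too, so the output is a triage queue for an analyst, not a verdict. Pairing the Run key finding with the report's "Drops file in System32 directory" and "Executes dropped EXE" signatures (Sysmon Event 11 and Event 1) is what turns a single registry write into a persistence chain.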
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (T1547): 1
Registry Run Keys / Startup Folder (T1547.001): 1
Event Triggered Execution (T1546): 1
Image File Execution Options Injection (T1546.012): 1
Privilege Escalation
Boot or Logon Autostart Execution (T1547): 1
Registry Run Keys / Startup Folder (T1547.001): 1
Event Triggered Execution (T1546): 1
Image File Execution Options Injection (T1546.012): 1