General
-
Target
48e6e3414d91bddd287d79cd605ce611_JaffaCakes118
-
Size
60KB
-
Sample
240715-jvej6syglc
-
MD5
48e6e3414d91bddd287d79cd605ce611
-
SHA1
b2470d04a722a55f2e721c6a5b142c0518ff2642
-
SHA256
7122da26f8b63a5efe3030cf43a44f1711c7c55f0949a147fbfc4027d37263fa
-
SHA512
32df764fe63eb7a0d130c1694bf8c2345766e9e56b843095c80430f7ba765e905cd2b149dcdf34503764cf1614813b1f3060effccd090a2fd2db925ce976b590
-
SSDEEP
1536:enn7Rwb8rytbcZOabvhw/Q+llqNPPrLVLp+a1n2WDxoZw:En7qOQYTvh6Q73l1+C2I
Malware Config
Targets
-
-
Target
48e6e3414d91bddd287d79cd605ce611_JaffaCakes118
-
Size
60KB
-
MD5
48e6e3414d91bddd287d79cd605ce611
-
SHA1
b2470d04a722a55f2e721c6a5b142c0518ff2642
-
SHA256
7122da26f8b63a5efe3030cf43a44f1711c7c55f0949a147fbfc4027d37263fa
-
SHA512
32df764fe63eb7a0d130c1694bf8c2345766e9e56b843095c80430f7ba765e905cd2b149dcdf34503764cf1614813b1f3060effccd090a2fd2db925ce976b590
-
SSDEEP
1536:enn7Rwb8rytbcZOabvhw/Q+llqNPPrLVLp+a1n2WDxoZw:En7qOQYTvh6Q73l1+C2I
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-