General
-
Target
51b9711c5637cdf4a5b44f6dd9bb3eda_JaffaCakes118
-
Size
3.8MB
-
Sample
240717-gpddtayblr
-
MD5
51b9711c5637cdf4a5b44f6dd9bb3eda
-
SHA1
b4851f0f4a1568130763142dfecce532f8dca6e3
-
SHA256
dd11659543b958d2dd58b0a694a2c574aaf94f5edd8689860e9c4a36b5530cee
-
SHA512
69347285283b80d45e2f988500d54fba9fcb5fb6711f33cb92d12d8ce71deb088027a8e57ec525906f12133b75a12ed5b03b66e8a4bc06ee229fd15270a8a0f8
-
SSDEEP
98304:zHDIrXrCr0zwGfGmxDw8Ea2vmq/CAtnx/9uQa9:zjIrWIzbfBDwTa2e5Ahx/9Ba
Malware Config
Targets
-
-
Target
51b9711c5637cdf4a5b44f6dd9bb3eda_JaffaCakes118
-
Size
3.8MB
-
MD5
51b9711c5637cdf4a5b44f6dd9bb3eda
-
SHA1
b4851f0f4a1568130763142dfecce532f8dca6e3
-
SHA256
dd11659543b958d2dd58b0a694a2c574aaf94f5edd8689860e9c4a36b5530cee
-
SHA512
69347285283b80d45e2f988500d54fba9fcb5fb6711f33cb92d12d8ce71deb088027a8e57ec525906f12133b75a12ed5b03b66e8a4bc06ee229fd15270a8a0f8
-
SSDEEP
98304:zHDIrXrCr0zwGfGmxDw8Ea2vmq/CAtnx/9uQa9:zjIrWIzbfBDwTa2e5Ahx/9Ba
Score10/10-
Darkstealer
Darkstealer is a file grabber, data stealer, and RAT.
-
Detects Echelon Stealer payload
-
Echelon
Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
-
Echelon - DarkStealer Fork
Payload resembles modified variant of Echelon Stealer called DarkStealer.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-