General

  • Target

    76f6ba1907225ad91884811e48dbd8d5_JaffaCakes118

  • Size

    50KB

  • Sample

    240727-ehr8aawclm

  • MD5

    76f6ba1907225ad91884811e48dbd8d5

  • SHA1

    07bd13a930ae44ad1277aad1bf30479ad95e9e34

  • SHA256

    abfb213c4a89239f368470b588043b694fa7da59cad09a3be81031b0fd3f3acc

  • SHA512

    3e473a3204d8c41e57f55a82ec56bb1bfb24971634c5575e71c70f1be88302c8dfc15143491a3445db38f7b780bd978c71847561124e6ba64e569b0ae4ac7770

  • SSDEEP

    768:pH+0GGDyxLQBruIKWcC+wR5TV4UFo53Gt5KnhuKmSsKjtAh8tNIt2YqiTVYgPl4:BhoLQoIKdO4UY3GtUnUCsKJASG3JTVv4

Malware Config

Targets

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.

    • ISR Stealer payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks