General

  • Target

    7877f3e6600f444c0417d978202ec7cc_JaffaCakes118

  • Size

    5.1MB

  • Sample

    240727-rpgfkstbpm

  • MD5

    7877f3e6600f444c0417d978202ec7cc

  • SHA1

    2ff29345706a99c08fbfdc4f38283c6b228458af

  • SHA256

    ff8f9f39b2d488ecb6effefdab88ff8e900f419c92a799dcd38ee7a9f0b67698

  • SHA512

    8801f740d81302639ddc05705a7742c500cc9615109f1b5f71328d2b767f3aa269c0e893bb4998c2a02c2b7738e1af7bc9bff421cf3013c2bf4a32194ae6a7f1

  • SSDEEP

    6144:7/m9kF4LhB959Ak24Fa8yVRasuSuvfQ1dskAsaJraBCDorAB:bfFWB9bpFatVMPfgsVpraB

Malware Config

Targets

    • Target

      7877f3e6600f444c0417d978202ec7cc_JaffaCakes118

    • Size

      5.1MB

    • MD5

      7877f3e6600f444c0417d978202ec7cc

    • SHA1

      2ff29345706a99c08fbfdc4f38283c6b228458af

    • SHA256

      ff8f9f39b2d488ecb6effefdab88ff8e900f419c92a799dcd38ee7a9f0b67698

    • SHA512

      8801f740d81302639ddc05705a7742c500cc9615109f1b5f71328d2b767f3aa269c0e893bb4998c2a02c2b7738e1af7bc9bff421cf3013c2bf4a32194ae6a7f1

    • SSDEEP

      6144:7/m9kF4LhB959Ak24Fa8yVRasuSuvfQ1dskAsaJraBCDorAB:bfFWB9bpFatVMPfgsVpraB

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in visual basic.

    • ISR Stealer payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks