General

  • Target

    45e19643060ed35c221ba014416a38d3_JaffaCakes118

  • Size

    4.2MB

  • Sample

    240729-pdcbdasbnf

  • MD5

    45e19643060ed35c221ba014416a38d3

  • SHA1

    bb0a33458a714d36f8bcce3d777b8d28978ea9ff

  • SHA256

    323a3c53d2e325fb589a702bea7b8c2f3a5e8c1cc4602b3c0cf1ed00cb9b730a

  • SHA512

    9c1feb753f516a6e49ba89eb3f736ef15373856b3b9196df5cf3726675cea1e88b77fbcb45eb71cfb5033ee957dae99deb44708d448dcee9310bb187f83e0423

  • SSDEEP

    98304:HZhiav3/r1ifv9HttDqEa1PNq66RaTbrOg:HL3/r1Ut0EuNjE

Targets

    • Detects Fabookie payload

    • Fabookie

      Fabookie is a Facebook account information stealer.

    • Detected Nirsoft tools

      Free utilities, often used by attackers, that can extract saved passwords, product keys and similar secrets.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer, including modified UPX builds.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

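The two packer signatures above fire on the section names the stock packers leave in the PE section table (UPX0/UPX1 for UPX, .vmp0/.vmp1/.vmp2 for VMProtect). The following Python is an added example, not part of the sandbox report or of either packer's code: it walks the DOS header, PE signature, COFF header and section table by hand and maps the names it finds to a packer. The `build_minimal_pe` helper is a constructed, header-only PE used purely as offline test input; the packer names and section-name table are assumptions based on the packers' default layout.

```python
import struct

# Default section names written by the packers named in the report.
# Assumption: a modified UPX build may rename these, so absence is not proof of no packing.
PACKER_SECTIONS = {
    "UPX0": "UPX", "UPX1": "UPX", "UPX2": "UPX",
    ".vmp0": "VMProtect", ".vmp1": "VMProtect", ".vmp2": "VMProtect",
}


def pe_section_names(data: bytes) -> list[str]:
    """Return the section names of a PE image by parsing the headers directly."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    # e_lfanew at DOS header offset 0x3C points at the "PE\0\0" signature.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    # COFF header: NumberOfSections at +2, SizeOfOptionalHeader at +16, total 20 bytes.
    (n_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size
    names = []
    for i in range(n_sections):
        off = table + 40 * i          # each IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            raise ValueError("section table truncated")
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def detect_packer(data: bytes) -> set[str]:
    """Map section names to the packer(s) they indicate."""
    return {PACKER_SECTIONS[n] for n in pe_section_names(data) if n in PACKER_SECTIONS}


def build_minimal_pe(section_names) -> bytes:
    """Constructed test input: a header-only PE32 carrying the given section names.

    It has no code or data, so it only exercises the header walk above.
    """
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine=i386, NumberOfSections, timestamp, symtab ptr, nsyms, SizeOfOptionalHeader=0xE0, Characteristics
    coff = struct.pack("<HHIIIHH", 0x014C, len(section_names), 0, 0, 0, 0xE0, 0x0102)
    optional = struct.pack("<H", 0x10B) + b"\0" * (0xE0 - 2)   # PE32 magic, rest zeroed
    table = b"".join(n.encode("ascii").ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + optional + table


if __name__ == "__main__":
    for names in (["UPX0", "UPX1", ".rsrc"], [".text", ".vmp0", ".vmp1"], [".text", ".data"]):
        print(names, "->", detect_packer(build_minimal_pe(names)) or "no known packer sections")
```

Section names are the cheapest signal and the easiest to remove: a rebuilt UPX that renames UPX0/UPX1 passes this check untouched, so pair it with a per-section entropy check or a byte-signature scan of the entry point before concluding a file is not packed.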
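The behavioural signatures in the list (dropped EXE executed, dropped DLL loaded, Run key added, external IP looked up) are the kind of rules a sandbox or an EDR evaluates over an event trace. The following Python is an added example, not the sandbox's own rule logic: it applies those four rules to a constructed list of Sysmon-style events (event IDs 1, 7, 11, 13 and 22 are the real Sysmon ProcessCreate, ImageLoad, FileCreate, RegistryValueSet and DNSQuery types; the paths, hostnames and the IP-lookup service list are assumptions made up for the example).

```python
import re

# Assumption: hostnames of common public IP-lookup services; extend from your own telemetry.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "ipinfo.io", "icanhazip.com", "ifconfig.me",
    "checkip.amazonaws.com", "ip-api.com",
}
# Matches ...\CurrentVersion\Run\<value> and ...\CurrentVersion\RunOnce\<value> in HKLM or HKU.
RUN_KEY_RE = re.compile(r"\\currentversion\\run(once)?\\")

# Constructed sample trace in the order the events occurred (Sysmon event IDs).
SAMPLE_EVENTS = [
    {"id": 11, "image": r"C:\Users\u\sample.exe", "target": r"C:\Users\u\AppData\Local\Temp\upd.exe"},
    {"id": 11, "image": r"C:\Users\u\sample.exe", "target": r"C:\Users\u\AppData\Local\Temp\helper.dll"},
    {"id": 1, "image": r"C:\Users\u\AppData\Local\Temp\upd.exe", "parent": r"C:\Users\u\sample.exe"},
    {"id": 7, "image": r"C:\Users\u\AppData\Local\Temp\upd.exe",
     "loaded": r"C:\Users\u\AppData\Local\Temp\helper.dll"},
    {"id": 7, "image": r"C:\Users\u\AppData\Local\Temp\upd.exe", "loaded": r"C:\Windows\System32\ws2_32.dll"},
    {"id": 13, "image": r"C:\Users\u\AppData\Local\Temp\upd.exe",
     "target": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\upd"},
    {"id": 22, "image": r"C:\Users\u\AppData\Local\Temp\upd.exe", "query": "api.ipify.org"},
    {"id": 22, "image": r"C:\Users\u\AppData\Local\Temp\upd.exe", "query": "www.microsoft.com"},
]


def triage(events):
    """Return (signature, evidence) pairs for the four behavioural rules, in event order.

    'dropped' tracks every file written during the trace; in a sandbox the whole trace
    belongs to the sample, so any later execution or load of such a file is suspicious.
    On a production host, restrict this set to files written by the sample's process tree.
    """
    dropped = set()
    findings = []
    for ev in events:
        if ev["id"] == 11:                                   # FileCreate
            dropped.add(ev["target"].lower())
        elif ev["id"] == 1 and ev["image"].lower() in dropped:   # ProcessCreate of a dropped file
            findings.append(("Executes dropped EXE", ev["image"]))
        elif ev["id"] == 7 and ev["loaded"].lower() in dropped:  # ImageLoad of a dropped file
            findings.append(("Loads dropped DLL", ev["loaded"]))
        elif ev["id"] == 13 and RUN_KEY_RE.search(ev["target"].lower()):  # RegistryValueSet
            findings.append(("Adds Run key to start application", ev["target"]))
        elif ev["id"] == 22 and ev["query"].lower().rstrip(".") in IP_LOOKUP_HOSTS:  # DNSQuery
            findings.append(("Looks up external IP address via web service", ev["query"]))
    return findings


def signature_names(events):
    """Deduplicated signature names, handy for comparing against a report's list."""
    return sorted({name for name, _ in triage(events)})


if __name__ == "__main__":
    for name, evidence in triage(SAMPLE_EVENTS):
        print(f"{name}: {evidence}")
```

The Run-key rule matches on the registry path, not on the value data, so it also fires when a legitimate installer registers itself; in a sandbox that is acceptable because the whole trace is the sample's, but a production detection should combine it with the dropped-file tracking above (a Run value pointing at a file the process itself just wrote) to cut noise.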