General
-
Target
81c9a587962459f7c10d08b0d95baaee_JaffaCakes118
-
Size
185KB
-
Sample
240801-1bkera1cre
-
MD5
81c9a587962459f7c10d08b0d95baaee
-
SHA1
b70bfe456ee9aad9aa6abf405ada2cf2d71f1cc7
-
SHA256
29c5bb49412fea0f063be96a2b3acd9917744dde8b2b133134c5d9d6eb2da835
-
SHA512
1562bd3131f56b087db58e4c04f1131beaa99ff3f775804fddbd8dd9eb08bef48db46fce6098d29ef75e353d4d19ea92b51fafa665ea1a3cc6ab927b0889b19c
-
SSDEEP
3072:iB5j6QTDgiEIDL5ntDnj/rlIudpB8gkgqXEoqGxT9UK2ta:Ithvg8DL5ntb7hBkgXoZxTf2t
Malware Config
Extracted
Protocol: smtp- Host:
smtp.gmail.com - Port:
587 - Username:
[email protected] - Password:
guildwars1
Targets
-
-
Target
81c9a587962459f7c10d08b0d95baaee_JaffaCakes118
-
Size
185KB
-
MD5
81c9a587962459f7c10d08b0d95baaee
-
SHA1
b70bfe456ee9aad9aa6abf405ada2cf2d71f1cc7
-
SHA256
29c5bb49412fea0f063be96a2b3acd9917744dde8b2b133134c5d9d6eb2da835
-
SHA512
1562bd3131f56b087db58e4c04f1131beaa99ff3f775804fddbd8dd9eb08bef48db46fce6098d29ef75e353d4d19ea92b51fafa665ea1a3cc6ab927b0889b19c
-
SSDEEP
3072:iB5j6QTDgiEIDL5ntDnj/rlIudpB8gkgqXEoqGxT9UK2ta:Ithvg8DL5ntb7hBkgXoZxTf2t
Score10/10-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Drops startup file
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-