General
-
Target
8278f7bed29f67870685c1c60db3c991_JaffaCakes118
-
Size
847KB
-
Sample
240802-blympawhnm
-
MD5
8278f7bed29f67870685c1c60db3c991
-
SHA1
d5c8c964af697960f0ac1915ea4223477e8db233
-
SHA256
d9401514dcd0e15f10605d453acb5912267f3f187459b8b409035ddef1d49c86
-
SHA512
5d915080de8b1f61f7336d8b0991c1fcf4ff12283c045f716a9e24bb2dc2e485b9fe29e765780f091578e90e691bfddf3b983752ec415fc5aa34620f51a78a5b
-
SSDEEP
24576:B5OnutaKdOlaaMCLiUrn7IB7yp4r/jScdFx7:7OnutFaMCT723ru2J
Malware Config
Targets
-
-
Target
8278f7bed29f67870685c1c60db3c991_JaffaCakes118
-
Size
847KB
-
MD5
8278f7bed29f67870685c1c60db3c991
-
SHA1
d5c8c964af697960f0ac1915ea4223477e8db233
-
SHA256
d9401514dcd0e15f10605d453acb5912267f3f187459b8b409035ddef1d49c86
-
SHA512
5d915080de8b1f61f7336d8b0991c1fcf4ff12283c045f716a9e24bb2dc2e485b9fe29e765780f091578e90e691bfddf3b983752ec415fc5aa34620f51a78a5b
-
SSDEEP
24576:B5OnutaKdOlaaMCLiUrn7IB7yp4r/jScdFx7:7OnutFaMCT723ru2J
Score9/10-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
2Credentials from Web Browsers
1Windows Credential Manager
1Unsecured Credentials
2Credentials In Files
1Credentials in Registry
1