General
-
Target
91884f1ac121d9e5ded8bdef85da6052_JaffaCakes118
-
Size
192KB
-
Sample
240813-elmf7syblp
-
MD5
91884f1ac121d9e5ded8bdef85da6052
-
SHA1
e92c5ef867200ce2afe6d2ef3d2515375c25a8f7
-
SHA256
86a825dc2b72314a5db4885e495db0ed61044e3ed8e00cbe7dc05c706b66be5b
-
SHA512
62c19263d2dcd265610957176bb0794e071837b6b1c2e6922afd29c097fcfe210657627739b3e3e1c8409b0a8afb6b647e6d246eb276c10e0d1531293551311d
-
SSDEEP
3072:gej6QTDgiEIDL5ntDnj/rlIudpB8gkgqXEoqGxT5AH:g8hvg8DL5ntb7hBkgXoZxT5K
Static task
static1
Behavioral task
behavioral1
Sample
91884f1ac121d9e5ded8bdef85da6052_JaffaCakes118.exe
Resource
win7-20240729-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.gmail.com
Port: 587
Username: [email protected]
Password: 78951asd
Targets
-
-
Target
91884f1ac121d9e5ded8bdef85da6052_JaffaCakes118
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Drops startup file
-
Executes dropped EXE
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-