General
Target: 946ed920ed4742daf02adf9b221146b6_JaffaCakes118
Size: 876KB
Sample: 240813-x8lsassckc
MD5: 946ed920ed4742daf02adf9b221146b6
SHA1: 0b302d169c147b4b80082214ae749eac109469f3
SHA256: b476ca249855b31da9affd9a8cf153ccb4d19250c6340f6294e9da67d208278e
SHA512: 0e3c539a1e4c1d604f0cba6173788b47120eca9406b729a38981e12c1912c48b61312626e19f6a880736c7a4ac74e1afaa86e41b4173a094c9857312190229ae
SSDEEP: 24576:GVbJ96RIltyqrJ3arIORDS4tlNhifGSgEv:GVl9YIiuJ3sFtln6
Static task: static1
Behavioral task: behavioral1
Sample: 946ed920ed4742daf02adf9b221146b6_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 946ed920ed4742daf02adf9b221146b6_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
Target: 946ed920ed4742daf02adf9b221146b6_JaffaCakes118
Score: 7/10
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Drops file in System32 directory