General
Target: a829b2f8974cf7744feea25d9b1ea8c6_JaffaCakes118
Size: 815KB
Sample: 240818-zngzqawhmk
MD5: a829b2f8974cf7744feea25d9b1ea8c6
SHA1: a0046c71b3bab0bdb8ae09a9ce0b440072708d67
SHA256: c8b09fcfe5537f2cb1d899e64d6d529571ad663ff37927217317954c08d7e062
SHA512: 44858702fe4b6cc7e999522f48e6ac8a7fcc05b71db766a7908ec05f4f99178392bc26d5153360169cfc7707c45ba396d1b796e685a598ef71c0b97933c440e2
SSDEEP: 24576:G4SBe3/X+1Sxepq+pfGQABKd9FOs7FvZpFyO+obO5fKvFaX:G4SBe3eSY0+pGQPZ7FvZbybPfGq
Static task: static1
Behavioral task: behavioral1
Sample: a829b2f8974cf7744feea25d9b1ea8c6_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: a829b2f8974cf7744feea25d9b1ea8c6_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Credential Access
  Credentials from Password Stores (2)
    Credentials from Web Browsers (1)
    Windows Credential Manager (1)
  Unsecured Credentials (2)
    Credentials In Files (1)
    Credentials in Registry (1)