General
- Target: adb1654c27760ecff4f8dc87f55be850_JaffaCakes118
- Size: 764KB
- Sample: 240820-dwmz2s1drh
- MD5: adb1654c27760ecff4f8dc87f55be850
- SHA1: db7e0194b8a01c95d9be76bf29d59f68887f39f7
- SHA256: 90ddfd2d3594bd9ee1c991862b9b1d7a8e03636383e1b60741d828dce4975520
- SHA512: 3e67bd00ce08df6d72a6890b9c71bb01d05a28942c004b6e9ca85bbd66f42f95259f35a9f670a32f7a55f0da4b31456522b228d758193a377c0d2e2feafbfaaf
- SSDEEP: 12288:ulGLmWWRI8VNcBaMnj6JNoZA9WviRPRKKSvrSrGjdRvuIM0/EG:ulCmWWRJaj6Xoa/lESaxRvLl
Static task: static1
Behavioral task: behavioral1
- Sample: adb1654c27760ecff4f8dc87f55be850_JaffaCakes118.exe
- Resource: win7-20240704-en
Behavioral task: behavioral2
- Sample: adb1654c27760ecff4f8dc87f55be850_JaffaCakes118.exe
- Resource: win10v2004-20240802-en
Malware Config
Targets
- Target: adb1654c27760ecff4f8dc87f55be850_JaffaCakes118 (764KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to, or copy of, a web browser credential store.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (1)
  - Credentials In Files (1)