General
-
Target
c26dde74c4e50e22121b1ec50dd30417_JaffaCakes118
-
Size
1.7MB
-
Sample
240826-gw92csyfqb
-
MD5
c26dde74c4e50e22121b1ec50dd30417
-
SHA1
c2086ad96557af08bf3d406d0b40054fd8ce5465
-
SHA256
adda323ba6c6dff2b728907819ed779c56114a07a5ed07f9ac9bc08117fe0d08
-
SHA512
968563b793f2f01f0def5312fd79f0b5600a0034a2f2a771c39cf20f2ee37602aefe67a878f0fe8fdeff2ce5bb8df2916f6b15b1688be0fc01f7eab5160d6839
-
SSDEEP
3072:A4tngvlGPo7OmH2MGn8hEXRjCC1K0mKGVpeH:3ytGPyOetGnNXRj+Re
Static task
static1
Behavioral task
behavioral1
Sample
c26dde74c4e50e22121b1ec50dd30417_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
c26dde74c4e50e22121b1ec50dd30417_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution 1
Active Setup 1
Browser Extensions 1
Defense Evasion
Hide Artifacts 1
Hidden Files and Directories 1
Modify Registry 2
Credential Access
Unsecured Credentials 2
Credentials In Files 1
Credentials in Registry 1