General

Target: c44e6d079cd330004ea0c04433cf40b5_JaffaCakes118
Size: 927KB
Sample: 240827-eevt1a1flh
MD5: c44e6d079cd330004ea0c04433cf40b5
SHA1: 6fec949d132ed7dec67d62ec29914107411ecff8
SHA256: 7c776d7d4daa251c4a40fb3365645eefd53d4e35fcae7cff8f69b6b68910eae8
SHA512: ab1c26ac4040d6e60f889d92cd5996809d8061ed3b22dbe0724794f677d672f9896612b4c167a39bd20085e9e274b026f6cf7bbc2620ecb45170230ea97e2ac7
SSDEEP: 12288:RcWkKnT0xjSrqLSAsBiiMpQqY4uAqPKlwUoySwLIR2akcKJZiJb:SawjSjAsuGzcwUKv24
Static task: static1
Behavioral task: behavioral1
Sample: c44e6d079cd330004ea0c04433cf40b5_JaffaCakes118.exe
Resource: win7-20240704-en
Malware Config
Targets
- Taurus Stealer payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access or copy of web browser credential store.
- Deletes itself
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15

Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (3)
  - Credentials In Files (2)
  - Credentials in Registry (1)