General
-
Target
dd3a7d1317627fe2ba0469e5d8625c73_JaffaCakes118
-
Size
460KB
-
Sample
240912-3c7b1s1cqk
-
MD5
dd3a7d1317627fe2ba0469e5d8625c73
-
SHA1
9f9e1dac52addb0ac0a2842382c09969eb694313
-
SHA256
c27bb2fffd733ba36cf9d1428694e0a97dc88de1c5eeb26498ac404dcb46fd96
-
SHA512
747a3fd2d360abb6eee9b2d9222263ca63524853410a0f569665e77a80c878e831d9b181b8c45353e011a9c6e1bc6c284bf7f88cce5815ca6c29409426b24760
-
SSDEEP
12288:AP10UxdjeBCWZmOGndDXv7ArCSC1Mfbt6U4vbKMMumF:AP0U9xmCL1MR14vBMumF
Malware Config
Targets
-
-
Target
dd3a7d1317627fe2ba0469e5d8625c73_JaffaCakes118
-
Size
460KB
-
MD5
dd3a7d1317627fe2ba0469e5d8625c73
-
SHA1
9f9e1dac52addb0ac0a2842382c09969eb694313
-
SHA256
c27bb2fffd733ba36cf9d1428694e0a97dc88de1c5eeb26498ac404dcb46fd96
-
SHA512
747a3fd2d360abb6eee9b2d9222263ca63524853410a0f569665e77a80c878e831d9b181b8c45353e011a9c6e1bc6c284bf7f88cce5815ca6c29409426b24760
-
SSDEEP
12288:AP10UxdjeBCWZmOGndDXv7ArCSC1Mfbt6U4vbKMMumF:AP0U9xmCL1MR14vBMumF
Score7/10-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-