General
-
Target
dbcf9b9b5ed7714d1e401d55dd8a275c_JaffaCakes118
-
Size
863KB
-
Sample
240912-e3hvca1enr
-
MD5
dbcf9b9b5ed7714d1e401d55dd8a275c
-
SHA1
9d4ec1e5d2e3701df2b9ae57b8ebc5b94da22efd
-
SHA256
90848e39f8934de3667017477e2141dd0d7100004d88a48fee42c334f699a820
-
SHA512
dad24e1ad4bc27e36f6113cdb8bb63154b38b8c9b8be071edd787d95ce74ba7f414753f0af2490f510656f86522f4ad80faf658161d9f3d693a00d27e670da7b
-
SSDEEP
12288:YsECnm4mQqLTBz7uflFnjBJ6y+OzB3kjSqc3AMI5LA2+9EvzGWaIfGl7P9FV/+uz:zmQ+YlbJ6BO6Lc3AY9KGXzl7P9j/+u4
Malware Config
Targets
-
-
Target
dbcf9b9b5ed7714d1e401d55dd8a275c_JaffaCakes118
-
Size
863KB
-
MD5
dbcf9b9b5ed7714d1e401d55dd8a275c
-
SHA1
9d4ec1e5d2e3701df2b9ae57b8ebc5b94da22efd
-
SHA256
90848e39f8934de3667017477e2141dd0d7100004d88a48fee42c334f699a820
-
SHA512
dad24e1ad4bc27e36f6113cdb8bb63154b38b8c9b8be071edd787d95ce74ba7f414753f0af2490f510656f86522f4ad80faf658161d9f3d693a00d27e670da7b
-
SSDEEP
12288:YsECnm4mQqLTBz7uflFnjBJ6y+OzB3kjSqc3AMI5LA2+9EvzGWaIfGl7P9FV/+uz:zmQ+YlbJ6BO6Lc3AY9KGXzl7P9j/+u4
Score9/10-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
2Credentials from Web Browsers
1Windows Credential Manager
1Unsecured Credentials
2Credentials In Files
1Credentials in Registry
1