General
-
Target
ddc830e7c4a392c7dd7247bff704cb51_JaffaCakes118
-
Size
637KB
-
Sample
240913-gdf1kaxbmp
-
MD5
ddc830e7c4a392c7dd7247bff704cb51
-
SHA1
5b1bf652038a5b4c923ecc64496e9140836d23d7
-
SHA256
3c4814aae1568c8bb386e9a4f28d0142cd9ace2494be2d73fea69881942e545b
-
SHA512
d6e5364d978e72fc58a1c461e52cc885763c0044d557631c7d4047609cc25408216136a494c6ba6d2cc6bde6bda265e59825c56f1924dfc16084fdf14d69f81d
-
SSDEEP
12288:WiCFdcQ4wIU6MEZlQI0PsdFui/oyID6KVzU4ANdA6hQxV+2SieaG3RnMIU:Wii63MED2s+i/JIZVzkhu3exRn8
Malware Config
Targets
-
-
Target
ddc830e7c4a392c7dd7247bff704cb51_JaffaCakes118
-
Size
637KB
-
MD5
ddc830e7c4a392c7dd7247bff704cb51
-
SHA1
5b1bf652038a5b4c923ecc64496e9140836d23d7
-
SHA256
3c4814aae1568c8bb386e9a4f28d0142cd9ace2494be2d73fea69881942e545b
-
SHA512
d6e5364d978e72fc58a1c461e52cc885763c0044d557631c7d4047609cc25408216136a494c6ba6d2cc6bde6bda265e59825c56f1924dfc16084fdf14d69f81d
-
SSDEEP
12288:WiCFdcQ4wIU6MEZlQI0PsdFui/oyID6KVzU4ANdA6hQxV+2SieaG3RnMIU:Wii63MED2s+i/JIZVzkhu3exRn8
Score9/10-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
2Credentials from Web Browsers
1Windows Credential Manager
1Unsecured Credentials
1Credentials In Files
1