General
Target: de3dbf747a0c2411b1ad94926fbfa139_JaffaCakes118
Size: 985KB
Sample: 240913-nbmtnaygln
MD5: de3dbf747a0c2411b1ad94926fbfa139
SHA1: 350d2733a51b38b3299806d55907f97960d26245
SHA256: e42e35de720849fef362dcf16260e15f2be9b6cc63a2deb808794ede176bf2b0
SHA512: 3f83a106d0c9cd918da4c45c5072cbeb401d7d3a45d84e57442a9a806c38b29d898835d5ac18b8abd9b91619d4c1b485c7b23d95f953ffb5da9b716c9ac340fc
SSDEEP: 12288:CnCQIlIW28wo0+9fh8yVDHp8ZTgawkM1EAGcFWQeshhz6M6yhkoLhadvOIfiJiuZ:CI65+HzFGMawkKJGkeIhWikk+OIc
Behavioral task: behavioral1
Sample: de3dbf747a0c2411b1ad94926fbfa139_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: de3dbf747a0c2411b1ad94926fbfa139_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
Credential Access
  Credentials from Password Stores: 2
    Credentials from Web Browsers: 1
    Windows Credential Manager: 1
  Unsecured Credentials: 1
    Credentials In Files: 1