General
-
Target
ea17e941ec3194e35be891e53a4fbef0_JaffaCakes118
-
Size
317KB
-
Sample
240918-2gqdmawgkd
-
MD5
ea17e941ec3194e35be891e53a4fbef0
-
SHA1
ff4a637af5c4ea5591d7eece265dd4e6b1d81d6a
-
SHA256
725dd5cb788d1a387d16e06040bf1677e0328ca08a17b322e86b692e675cd6ac
-
SHA512
348a22a6e814042c85742c47647709970463b88f8df27dc77142de5e327cec96e0a0b29005f32181af1148042f9b404d11617b395c8b55cef23efe7815b3bb3e
-
SSDEEP
6144:XSKwS8shTC44FREcNhqf3AWV3TJGLrqC7SIuj2+tzRj8mIcUf/:XSKn8Cd4FREQqfPcrZWwitj8mIcUn
Malware Config
Targets
-
-
Target
ea17e941ec3194e35be891e53a4fbef0_JaffaCakes118
-
Size
317KB
-
MD5
ea17e941ec3194e35be891e53a4fbef0
-
SHA1
ff4a637af5c4ea5591d7eece265dd4e6b1d81d6a
-
SHA256
725dd5cb788d1a387d16e06040bf1677e0328ca08a17b322e86b692e675cd6ac
-
SHA512
348a22a6e814042c85742c47647709970463b88f8df27dc77142de5e327cec96e0a0b29005f32181af1148042f9b404d11617b395c8b55cef23efe7815b3bb3e
-
SSDEEP
6144:XSKwS8shTC44FREcNhqf3AWV3TJGLrqC7SIuj2+tzRj8mIcUf/:XSKn8Cd4FREQqfPcrZWwitj8mIcUn
Score7/10-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Credential Access
Unsecured Credentials
2Credentials In Files
1Credentials in Registry
1