General
-
Target
e8608ef6763ff36be35de1730a46578b_JaffaCakes118
-
Size
12KB
-
Sample
240918-fmqqpateqf
-
MD5
e8608ef6763ff36be35de1730a46578b
-
SHA1
6488de14684b3a16eeb7c81787a4e9ee6781f654
-
SHA256
49a07fd7adedfa08cec51d3218330a015415189a1441af2b74ff92017b7b7d52
-
SHA512
bdbe9bca66c675e25126beb7cdf669f50032fdcff76804c5609d348126ba611937c250ea64f3b2f92561f0f524a64b89e5d3a05a3e426dd727cc198143c1e095
-
SSDEEP
192:GRZVaN4vYrySXfvG0LBqy2iSNpIaE98/G:YaNV+SvvGERAOL9t
Malware Config
Targets
-
-
Target
e8608ef6763ff36be35de1730a46578b_JaffaCakes118
-
Size
12KB
-
MD5
e8608ef6763ff36be35de1730a46578b
-
SHA1
6488de14684b3a16eeb7c81787a4e9ee6781f654
-
SHA256
49a07fd7adedfa08cec51d3218330a015415189a1441af2b74ff92017b7b7d52
-
SHA512
bdbe9bca66c675e25126beb7cdf669f50032fdcff76804c5609d348126ba611937c250ea64f3b2f92561f0f524a64b89e5d3a05a3e426dd727cc198143c1e095
-
SSDEEP
192:GRZVaN4vYrySXfvG0LBqy2iSNpIaE98/G:YaNV+SvvGERAOL9t
Score8/10-
Modifies password files for system users/ groups
Modifies files storing password hashes of existing users/ groups, likely to grant additional privileges.
-
OS Credential Dumping
Adversaries may attempt to dump credentials to use it in password cracking.
-
Legitimate hosting services abused for malware hosting/C2
-