General
-
Target
eaa54f3a1c85e0f204d8daf98321a157_JaffaCakes118
-
Size
1.4MB
-
Sample
240919-ftypwasfll
-
MD5
eaa54f3a1c85e0f204d8daf98321a157
-
SHA1
9277f70f7c875457c4c262e9cc64adb97f4f24fa
-
SHA256
b3c438f589e3340fc35678ed58d10527136b2571a4a938e4f1e67ac2e6b484a9
-
SHA512
40f6a87cab4b93cff1132bb27fdfac00399ebb3f9b9f0c5e96f9938b24154d5cf1678a5e24ca54c8d902a0f1f399af1bd9ba2ae785f7a4542bab5befb121bf65
-
SSDEEP
24576:p6FGk+eyI/4WnyM54BsJdj3LcCT6VWqgJPS6:AdyU4Wnye4gL96xgJPS6
Malware Config
Targets
-
-
Target
eaa54f3a1c85e0f204d8daf98321a157_JaffaCakes118
-
Size
1.4MB
-
MD5
eaa54f3a1c85e0f204d8daf98321a157
-
SHA1
9277f70f7c875457c4c262e9cc64adb97f4f24fa
-
SHA256
b3c438f589e3340fc35678ed58d10527136b2571a4a938e4f1e67ac2e6b484a9
-
SHA512
40f6a87cab4b93cff1132bb27fdfac00399ebb3f9b9f0c5e96f9938b24154d5cf1678a5e24ca54c8d902a0f1f399af1bd9ba2ae785f7a4542bab5befb121bf65
-
SSDEEP
24576:p6FGk+eyI/4WnyM54BsJdj3LcCT6VWqgJPS6:AdyU4Wnye4gL96xgJPS6
Score9/10-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1