General
-
Target
eb0a859efc1fe05458f50edb9119eebe_JaffaCakes118
-
Size
505KB
-
Sample
240919-lfzb5s1fkb
-
MD5
eb0a859efc1fe05458f50edb9119eebe
-
SHA1
1ae1bc6b889496b3224e8752e5da575a8bacb3db
-
SHA256
183c38974e3554d8aa125eb887dd740aa318ba7be8e6b04c5db3131a402b6b73
-
SHA512
5bf23cb75c02f469dfda36654a054e245a7665b651b1921086a786b6be8a3e74ad32771122a9aeddb048b0d98c385127995a6aea92a41c181804d4a559a71fa9
-
SSDEEP
12288:eLZPhc23D77SE0A8IIQSz4C1olmu4F/4I:eLFhc2z3P0rf9olmTx
Malware Config
Targets
-
-
Target
eb0a859efc1fe05458f50edb9119eebe_JaffaCakes118
-
Size
505KB
-
MD5
eb0a859efc1fe05458f50edb9119eebe
-
SHA1
1ae1bc6b889496b3224e8752e5da575a8bacb3db
-
SHA256
183c38974e3554d8aa125eb887dd740aa318ba7be8e6b04c5db3131a402b6b73
-
SHA512
5bf23cb75c02f469dfda36654a054e245a7665b651b1921086a786b6be8a3e74ad32771122a9aeddb048b0d98c385127995a6aea92a41c181804d4a559a71fa9
-
SSDEEP
12288:eLZPhc23D77SE0A8IIQSz4C1olmu4F/4I:eLFhc2z3P0rf9olmTx
Score7/10-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-