General

  • Target

    eb96f907bb71171fe3bb779e44ac6007_JaffaCakes118

  • Size

    1.0MB

  • Sample

    240919-sf66bavgqn

  • MD5

    eb96f907bb71171fe3bb779e44ac6007

  • SHA1

    36e6f10c8f87d0f06c668d9b04162b45e90b5303

  • SHA256

    9d1b495146062d7c63e1d7fd3c98baebfa55a56a9e6e53959d85f58d4624ba78

  • SHA512

    5fe962bc1ef156ab0cfff25b6028df49414d0fc74935904812bb5460bfdd82aa54ebd5e2515f0f9c3e9f4b5929e06ad7f12b33dd3888a96f05fac498e95a091b

  • SSDEEP

    24576:sNATBHvAey+sIui418iha29SWxbXLb3z5PO7xICA:PTBHTyxvi418iPHbXXz5PO9a

Malware Config

Targets

    • Target

      patch.exe

    • Size

      1.1MB

    • MD5

      54cb7e59177f531d259295d73a02f71c

    • SHA1

      5e214e05610758004a4c6a8ccb2fbd75cffdca39

    • SHA256

      272c3b974870f938abeb3fe970e034e28f57a558f727af62b0a3a94132c2422d

    • SHA512

      ed8f3bf7cfc2be8ae0d3e8d897ac57c03ea9b1992326fea704d5444a576b1893c016025f8d632d72a660b946ca354dfa2c0a5b1595023a48975de6120163b721

    • SSDEEP

      24576:LlW/B0r+cd8xoa7xb0+hw8YajXiM8lwiswjx/ZyGS5zW:05I+cax/lbPhlvYwDGEGS5zW

    • Pony,Fareit

      Pony (also tracked as Fareit) is a credential-stealing trojan: it harvests saved passwords from web browsers, FTP clients, email clients and other software, reports them to a control server, and can also download and run additional payloads.

    • UAC bypass

    • Identifies Wine through registry keys

      Wine is a compatibility layer that runs Windows applications on other operating systems and is sometimes used as a lightweight sandbox. A sample that looks for Wine's registry keys (for example HKCU\Software\Wine) is checking whether it is running under analysis rather than on a real Windows host.

    • Reads data files stored by FTP clients

      Tries to read configuration files written by FTP clients such as FileZilla, which store saved server addresses and credentials.

    • Reads user/profile data of web browsers

      Infostealers commonly read browser profile data, which can include saved logins, cookies and form history.

    • Unsecured Credentials: Credentials In Files

      Steals credentials stored in files on disk (MITRE ATT&CK T1552.001).

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger information class stops debug events for that thread from being delivered to an attached debugger, a common anti-analysis technique.
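
The behaviour tags above (Wine registry check, UAC check, Uninstall-key enumeration, FTP client and browser credential-file reads) can be turned into a simple triage rule over Sysmon-style registry and file events. The following is an added example written for this page, not the sandbox vendor's signature logic or code from the sample; the rule tags, the Event record shape and the event records themselves are constructed for illustration, and the credential-file paths are the standard locations FileZilla, Chromium and Firefox use. The rule only calls a process a stealer when it combines an environment or software check with a read of a credential file, which is the pattern this report shows for patch.exe.

```python
"""
Added example for this report: a small triage scorer that maps the behaviours
tagged above onto Sysmon-style registry and file events and flags a process
that combines sandbox/UAC/software checks with credential-file reads.
Illustration code written for this page, not the sandbox vendor's signature
logic. The event records below are constructed, not taken from the report.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Each rule: (tag, regex over the registry key or file path). Windows paths and
# registry keys are case-insensitive, so every pattern is compiled with re.I.
RULES = [
    # Wine exposes itself as HKCU\Software\Wine (and under HKLM); opening it on a
    # host with no Wine installed is a sandbox check (ATT&CK T1497).
    ("wine_check", re.compile(r"\\software\\wine(\\|$)", re.I)),
    # Enumerating installed software via the Uninstall key (ATT&CK T1518).
    ("software_enum", re.compile(r"\\windows\\currentversion\\uninstall(\\|$)", re.I)),
    # EnableLUA under the System policy key tells the sample whether UAC is on.
    ("uac_check", re.compile(r"\\policies\\system\\enablelua$", re.I)),
    # FileZilla keeps saved site credentials in these XML files (ATT&CK T1552.001).
    ("ftp_creds", re.compile(r"\\filezilla\\(sitemanager|recentservers)\.xml$", re.I)),
    # Chromium 'Login Data' and Firefox logins.json / key4.db hold saved logins.
    ("browser_creds", re.compile(r"\\(login data|logins\.json|key4\.db)$", re.I)),
]

# Recon tags alone are common in legitimate software (installers walk the
# Uninstall key); only the combination with credential-file reads is scored.
RECON_TAGS = {"wine_check", "software_enum", "uac_check"}
CRED_TAGS = {"ftp_creds", "browser_creds"}


@dataclass(frozen=True)
class Event:
    pid: int
    image: str     # process image name
    kind: str      # "reg" for registry access, "file" for file reads
    target: str    # registry key path or file path


def tag_event(ev: Event):
    """Return the first rule tag matching this event's target, or None."""
    for tag, pat in RULES:
        if pat.search(ev.target):
            return tag
    return None


def triage(events):
    """Group matched tags per process and decide whether each process looks like
    an infostealer: at least one credential-file read plus at least one
    environment/recon check from the same PID."""
    tags = defaultdict(set)
    images = {}
    for ev in events:
        t = tag_event(ev)
        if t:
            tags[ev.pid].add(t)
            images[ev.pid] = ev.image
    verdicts = {}
    for pid, ts in tags.items():
        stealer = bool(ts & CRED_TAGS) and bool(ts & RECON_TAGS)
        verdicts[pid] = {"image": images[pid], "tags": sorted(ts), "stealer": stealer}
    return verdicts


# Constructed sample events (not from the report). PID 4120 mimics the
# behaviour tagged for patch.exe; the other two processes are benign controls.
SAMPLE_EVENTS = [
    Event(4120, "patch.exe", "reg", r"HKCU\Software\Wine"),
    Event(4120, "patch.exe", "reg", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA"),
    Event(4120, "patch.exe", "reg", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"),
    Event(4120, "patch.exe", "file", r"C:\Users\analyst\AppData\Roaming\FileZilla\sitemanager.xml"),
    Event(4120, "patch.exe", "file", r"C:\Users\analyst\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    # A legitimate installer also walks the Uninstall key but reads no credential files.
    Event(5532, "setup.exe", "reg", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++"),
    Event(5532, "setup.exe", "file", r"C:\Program Files\Notepad++\config.xml"),
    # The browser reads its own login store; no recon tags, so it is not flagged.
    Event(6010, "chrome.exe", "file", r"C:\Users\analyst\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
]

if __name__ == "__main__":
    for pid, verdict in triage(SAMPLE_EVENTS).items():
        print(pid, verdict)
```

Run as a script it prints one verdict per PID; only 4120 is marked as a stealer. In a real pipeline the events would come from Sysmon event IDs 12/13 (registry) and file-access telemetry, and the rule should be joined on process GUID rather than PID to survive PID reuse.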

MITRE ATT&CK Enterprise v15

Tasks