General
-
Target
ebf60b6987518545111de0c5b4ac9b61_JaffaCakes118
-
Size
869KB
-
Sample
240919-xategstfjd
-
MD5
ebf60b6987518545111de0c5b4ac9b61
-
SHA1
143d3c50c77c5d2ab0698bb9882df72c06247a50
-
SHA256
03d5b523a43ca6a43adf3270ecaa3ae1621f0cacc6e99af1ae9c3b101407556e
-
SHA512
354a75e8390fb9c24cb72eb9e4e3e96af5c161471c08c08da55a4ef28a90bfa65ac8e822a45f70fa4cb576c3cbd8ac2aaa5111f900da659c957ed1bc1ca86e8b
-
SSDEEP
24576:1loeON5Vm8uGLrAKKNjrfG6fVbuJ/Dm4C2h9u:165w5y0KKx7fVbIDmE9u
Static task
static1
Behavioral task
behavioral1
Sample
ebf60b6987518545111de0c5b4ac9b61_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
ebf60b6987518545111de0c5b4ac9b61_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
Target
ebf60b6987518545111de0c5b4ac9b61_JaffaCakes118
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Credential Access
Credentials from Password Stores: 2
Credentials from Web Browsers: 1
Windows Credential Manager: 1
Unsecured Credentials: 2
Credentials In Files: 1
Credentials in Registry: 1