General
Target: ec16850ff883bd0e1c6f5bcc479eab88_JaffaCakes118
Size: 316KB
Sample: 240919-ypfmlsxhqp
MD5: ec16850ff883bd0e1c6f5bcc479eab88
SHA1: 8b325392ddf893b127ed3efe50622c5f64817c81
SHA256: c95b45fada3bec57cc9cbcc38c0ae95afe3a1b657b207b972d589d3c1f9102fc
SHA512: ecd01170c157cd64738e6b9a946f4ef769b4ea4b96ffc211e5eddb4e29b2ee39070933f8d76178dca93f70de1faa7f70e12eef6b222afc1a6a62703da3e5ca74
SSDEEP: 6144:K1T7/luVDW/EnKSBu4/pYoNmyc3NuauTl+9Wu9syu03z:EXUVCE7/pra8VpuSez

Static task: static1

Behavioral task: behavioral1
Sample: ec16850ff883bd0e1c6f5bcc479eab88_JaffaCakes118.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: ec16850ff883bd0e1c6f5bcc479eab88_JaffaCakes118.exe
Resource: win10v2004-20240802-en

Malware Config
Targets
Target: ec16850ff883bd0e1c6f5bcc479eab88_JaffaCakes118
Score: 8/10

Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

Disables taskbar notifications via registry modification
Deletes itself
Executes dropped EXE
Loads dropped DLL
Modifies system executable filetype association
Adds Run key to start application

MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (2)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)
  Event Triggered Execution (1)
    Change Default File Association (1)
Privilege Escalation
  Boot or Logon Autostart Execution (2)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)
  Event Triggered Execution (1)
    Change Default File Association (1)