General
-
Target
ed039c91cbd802016c0052cfb7c7479a_JaffaCakes118
-
Size
537KB
-
Sample
240920-g7mefatbkl
-
MD5
ed039c91cbd802016c0052cfb7c7479a
-
SHA1
f6b0be96bc72960edac79c3d19202ead6741ea35
-
SHA256
0dd4d407bbb948208a776f1254584bac0ae01fb724cfb7c44b5e46c8496be2ff
-
SHA512
a79fcb9de2e4a8abc599a26f7644ac7f3c221732d722617d3f02272b42143b24d1eeb553bed5b2644e2aa6968636b1b21ae82a5435934edaa1d51ee50a86ac17
-
SSDEEP
12288:Q77P4DWh9VWaOP6ExsZzKITASpLpQWBtD:Q778WRTMTsZLE0m
Static task
static1
Behavioral task
behavioral1
Sample
ed039c91cbd802016c0052cfb7c7479a_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
ed039c91cbd802016c0052cfb7c7479a_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
Protocol: smtp- Host:
smtp.gmail.com - Port:
587 - Username:
[email protected] - Password:
QGDOUOSDWX
Targets
-
-
Target
ed039c91cbd802016c0052cfb7c7479a_JaffaCakes118
-
Size
537KB
-
MD5
ed039c91cbd802016c0052cfb7c7479a
-
SHA1
f6b0be96bc72960edac79c3d19202ead6741ea35
-
SHA256
0dd4d407bbb948208a776f1254584bac0ae01fb724cfb7c44b5e46c8496be2ff
-
SHA512
a79fcb9de2e4a8abc599a26f7644ac7f3c221732d722617d3f02272b42143b24d1eeb553bed5b2644e2aa6968636b1b21ae82a5435934edaa1d51ee50a86ac17
-
SSDEEP
12288:Q77P4DWh9VWaOP6ExsZzKITASpLpQWBtD:Q778WRTMTsZLE0m
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Detected Nirsoft tools
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
3Scripting
1