General
-
Target
edbe0b538e2c8428fd5bfecb066f9921_JaffaCakes118
-
Size
1.1MB
-
Sample
240920-rawlyszgqk
-
MD5
edbe0b538e2c8428fd5bfecb066f9921
-
SHA1
706d1dd3a31e11c578a38db05dd50a2c49ffc4cd
-
SHA256
3bb489de34df3c2bbe7684a562f3eae17e5c66b1b82c13011bf250768eb79603
-
SHA512
b3e98dc74119bf7e34dc6049a6e00ed44d83700822749396a1eff5e3f0c032cdc85f9eb5092bca163758d95e907b737aad42256e12a069e3a29a98ded179e18b
-
SSDEEP
3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1
Malware Config
Targets
-
-
Target
edbe0b538e2c8428fd5bfecb066f9921_JaffaCakes118
-
Size
1.1MB
-
MD5
edbe0b538e2c8428fd5bfecb066f9921
-
SHA1
706d1dd3a31e11c578a38db05dd50a2c49ffc4cd
-
SHA256
3bb489de34df3c2bbe7684a562f3eae17e5c66b1b82c13011bf250768eb79603
-
SHA512
b3e98dc74119bf7e34dc6049a6e00ed44d83700822749396a1eff5e3f0c032cdc85f9eb5092bca163758d95e907b737aad42256e12a069e3a29a98ded179e18b
-
SSDEEP
3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1
Score10/10-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Adds policy Run key to start application
-
Event Triggered Execution: Image File Execution Options Injection
-
Drops startup file
-
Executes dropped EXE
-
Impair Defenses: Safe Mode Boot
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Image File Execution Options Injection
1