General
-
Target
f012011effe81d1647348ff0ac1bc3d0_JaffaCakes118
-
Size
4.6MB
-
Sample
240921-smhraszajm
-
MD5
f012011effe81d1647348ff0ac1bc3d0
-
SHA1
3354943ef434f9dd4c77f6f295d74523ef8dd579
-
SHA256
d044cabbdf62a9c32258c0f405a1a97f51fb396fc1f069824b4ed5a0d7ec55be
-
SHA512
29611980b3d30ec01d5f04882665a5d342f8b928c1055debc93b567969119e873c85a36947f31757c090461238cbe03678c21fe83f6b91a1f993287fb1e86c6a
-
SSDEEP
98304:8eZ1EfKL6aYIGujG18mgkMXiNKzxGo5egy7mzOjsP+k+YE3QIBCvHs0:8ScszYIGwG18E3NKzXzqQPl3E3avM0
Malware Config
Targets
-
-
Target
f012011effe81d1647348ff0ac1bc3d0_JaffaCakes118
-
Size
4.6MB
-
MD5
f012011effe81d1647348ff0ac1bc3d0
-
SHA1
3354943ef434f9dd4c77f6f295d74523ef8dd579
-
SHA256
d044cabbdf62a9c32258c0f405a1a97f51fb396fc1f069824b4ed5a0d7ec55be
-
SHA512
29611980b3d30ec01d5f04882665a5d342f8b928c1055debc93b567969119e873c85a36947f31757c090461238cbe03678c21fe83f6b91a1f993287fb1e86c6a
-
SSDEEP
98304:8eZ1EfKL6aYIGujG18mgkMXiNKzxGo5egy7mzOjsP+k+YE3QIBCvHs0:8ScszYIGwG18E3NKzXzqQPl3E3avM0
Score8/10-
Blocklisted process makes network request
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks for any installed AV software in registry
-
Modifies Windows Firewall
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
fbe295e5a1acfbd0a6271898f885fe6a
-
SHA1
d6d205922e61635472efb13c2bb92c9ac6cb96da
-
SHA256
a1390a78533c47e55cc364e97af431117126d04a7faed49390210ea3e89dd0e1
-
SHA512
2cb596971e504eaf1ce8e3f09719ebfb3f6234cea5ca7b0d33ec7500832ff4b97ec2bbe15a1fbf7e6a5b02c59db824092b9562cd8991f4d027feab6fd3177b06
-
SSDEEP
192:yPtkiQJr7V9r3Ftr87NfwXQ6whlgi62V7i77blbTc4DI:N7Vxr8IgLgi3sVc4
Score3/10 -
-
-
Target
Tools/modules/bugreport.hta
-
Size
27KB
-
MD5
492b077cd9c947c4cccab9acd25e6c43
-
SHA1
b34ba31c78d48fd1ccd4e43cb2bec1db3155a97c
-
SHA256
14763e4336a3f96fa2d9aeb5a55dfad39672ba2ce68114c582c56d874350c386
-
SHA512
37127dfcd39c3ed973c4e1ba1d0aca9b11b719fbb9c29b668128a50ef44217e16621a7f8e20b924320fb63ac603f19836ec861695f4a5f486f5b7747b309b669
-
SSDEEP
192:cZGGdaWZf6bORA1bwDtGaTi6I9BcwlnXLH8goq7i31GsRr8hd4S1JLMAHgPx0HS6:cdZKORA0tGp6iBceX7B7i3Yq8hd4fu
Score3/10 -
-
-
Target
Tools/run.hta
-
Size
2KB
-
MD5
d0e69969ac10cee9ac933c3223542059
-
SHA1
7f9246b3bcb6f1cf1b5d9f26ad7a747dc4fbceb3
-
SHA256
11abb36beb797e400f6d5fc924f8ae07f40ec41aeb1b1b43f6583bb60a875cd5
-
SHA512
4bd2df510345263952df26c7b6c9f2fc57e1af4046919d68f8a9aa3c8b1d60127a4bef6b75bf915710287e8a1e442437dde135eb3ac7d4dc10321ffbf97dc2d6
Score8/10-
Blocklisted process makes network request
-
Modifies Windows Firewall
-
-
-
Target
config.js
-
Size
3KB
-
MD5
2fc2b0019347fb6341dad4ca9cd61209
-
SHA1
588902aaf3e6a137af053776383f68d69ab7b304
-
SHA256
0a1b59412992ec4bcbdee8730097fe9e2902e430cb188462b8a0260300c5f0f2
-
SHA512
2b883a757ac567b0235daffca2f9bcce7e6b7bdfc613c9c7eff44134a900a1ee10a45e3898f6d43bc3a792227a4698b0468458cccaf2950f6dde26fbbd6b3758
Score3/10 -
-
-
Target
drp.js
-
Size
2.5MB
-
MD5
76eb358be2f1d0dd234b0c6c9bdb0ea7
-
SHA1
3cd02ba644b13734bb64f341f10cef30a070bff3
-
SHA256
6771819928547d87e6f001b24b3831af96fa711dd61e15d85d1fda92c7e08400
-
SHA512
84820894213e9f8888220e9e3ed45c688ea86c81b35726a24d67d91f09908006efbf96363b41cbd6e1fb8ffe4a6da8c7fd9928a93888689286d2e38c1bb6d41f
-
SSDEEP
49152:AhMK9qTJUMt2cJTjOEWzUsBIF/EPCVcc5GJOljSY3qEJlq5JKOXk7NowhgrC4rK2:A
Score3/10 -
-
-
Target
js/soft.js
-
Size
111KB
-
MD5
821d097ffe3ba78a65c32efcde0c9c67
-
SHA1
c572fb7e0ebd4d7db74eae4cf04dac809368e825
-
SHA256
1d1c51dd36e0aedaa208488af8ee87aac2b30ee00f2868c6493d93ce7a84ef34
-
SHA512
3646ba771b1492b5872fb18fc81d78f3afecae9ea4bcc6338b38fec11132b7ed6eea5cc9ed2a5135fa3ef40e3352dec30ff6ed849544e3aa98fa6d5051f58bd9
-
SSDEEP
768:y3Yt2tEtEt8YtBtb67deTVzt2SglWYBtreK/obESasHYv:zWQQ88zb67deTVB2SglWYLEYv
Score3/10 -
-
-
Target
languages/ar.js
-
Size
66KB
-
MD5
8f186496eda64c8faaad8bd7fd309492
-
SHA1
9a2290db77e389928ab609b3c4116111324246c0
-
SHA256
e42cbd470b7fcebeac9350ca62758fd9c1fb8c27ab0ab6a0b8d9556e2dfaa653
-
SHA512
5a8e12f767ee280f25323fe06815d7291c0ce43e3c9266d3fddc26fad32fc4d45c340d8ae070c3f7b37127f1d69256485a395735d4272277d40cbe044e04dc78
-
SSDEEP
1536:Iejjq4P0k5PcjqrMz0tlqlrGQB3Lql7R2jQg1HqlC/t8Dd8D8W1huMuXFj6W69eV:Bjj3Mk5PteBluXjdCOcD239
Score3/10 -
-
-
Target
languages/az.js
-
Size
60KB
-
MD5
643d280ede366072f3c9bb7573e58692
-
SHA1
5edeffd0f2a09a4d702629fa3c2d5be9e0813fb6
-
SHA256
9fefa247580ac5096b4fa99dc8440490273e745527b82232928b646efda4ff2e
-
SHA512
b006a897e98b3a24280d3be12a8779535e0a0a04affe9bc8bbb8153ccc25d15a4790be4ee7cc1e1efd6ca8073bf02b2b642bcc4a418c454c31151f453f42368c
-
SSDEEP
1536:5eWqNVGWURh3wAHz/bIHysUWPTvpozRHlcL9hC+s7UGZPHIGPsogjHx71ly4xsnq:8WqNVGW0hgAT0aq61LgLFQfS
Score3/10 -
-
-
Target
languages/be.js
-
Size
70KB
-
MD5
fa8b0c422d03d4d6958435ef650eef1a
-
SHA1
02477b6b9507c08e24c439723a2a769258482190
-
SHA256
86a9f9cff61aae3d9f7e50d57f05157d9d921df813e46446ad8fc6306f5d7e32
-
SHA512
ed5db57871398e5c9b065ba4401cd865cafa5addb35110fda8b233d37e4bc859072d1a53c0c7b28996adfa1841935fd469f4360e23be006871deecc18b6c5482
-
SSDEEP
1536:8eE7xu0d6vmb7mnUDtlwE7l5/e1pNFZ5kl98ZfwshAt7/bfqcAbf1Ijy/XnUqsPV:dcxu0yiOpIQWO37mF
Score3/10 -
-
-
Target
languages/bg.js
-
Size
73KB
-
MD5
519a12125a25a5e1ecf2ea69bcdcb6c2
-
SHA1
55acfe31f343694145acde3582bb72afda9454ec
-
SHA256
9ed5543fff2faed3a7fc35a8e9a1f3322ca582565c87dd22dd97f88a6cb33b46
-
SHA512
5bfc03dfdfc9b819ba56fd42b6a929de14a42c42bd3d0cdbf4298151a617b934973a483771bd70764847b9cb0effe2863f22a00e21588dbec71d1d188eba7e50
-
SSDEEP
1536:NexxxzwDozfIlrW6ZsJZ2iTWM4XXhurQWPsG0VRtkY+1jsJI/A8qlo6YjoiDcgzx:YxxdwI/XhM1Y
Score3/10 -
-
-
Target
languages/bn.js
-
Size
86KB
-
MD5
c7213a558a4265a5ff7c733e14301978
-
SHA1
1eafcabd029e430bd7e48d8f71d51bb85fb1d317
-
SHA256
21c16f22e2ffe7f58d27dd2c15bf8ed7c902afd18d84580bc7802a1cb0391d74
-
SHA512
f6ca7c980620cbf02d4aa0dc6e37afa2527889a82238d2d45be3e4f843cfb27ea6fa4b16d6b23e3eee62606b50e746bed30647913f2df40fda80576cd67acb4e
-
SSDEEP
1536:UesKjsRhOnjz/1lCySRNuZp5Hm4px8gjFiFr4EK8p5CrieT348DwLZS2EkzGF++0:FDCMqEda
Score3/10 -
-
-
Target
languages/ca.js
-
Size
55KB
-
MD5
13080fe698f313160295437dfb304f8b
-
SHA1
8282cca3b39f1855ed1e805a31df9fbd19f97cea
-
SHA256
d31c61c16e05d52c88cc1337ecea8c47d657a9b848e5dd0baf6fddb1db6f2ab7
-
SHA512
824c50bc215a673b5b9f630d8e7d1a56d029095773b45da917702c4afcc8f7acf84ef8f200d7ba20519080072b9b20c85adc73a3bf7da8ad82ee6aef8725b50e
-
SSDEEP
1536:cez3aNqTtcpUIwbH1JJmAqmVpPgH8CfWME+s25HBa0vG5+0o/g1ZPYBGom+1+oT6:9z3rTQFwrpFYm+pgB
Score3/10 -
-
-
Target
languages/cs.js
-
Size
51KB
-
MD5
dbd2c081dbc9b38f48a765114bc4cf35
-
SHA1
5f340811b916501d4019eb18a23d0fbe6a69e042
-
SHA256
9552f6906b65d4224fe6157c0b8e3171cbde0af326d1fdca8f1671644a0d60d6
-
SHA512
49b83f17a959820d81d42a3b5baf28290e5d0883729bd536a347a819713085c4fb7b2876d24c6b212a8cc78034f0132bb9a9975f144fdd856270e1d9b2752665
-
SSDEEP
1536:BeIoHaaxTQPEy1zVQl3fTI8FO6bH+hbMD06ymbQquzoJL3yH8O1tmek0lE65A7lO:0njtQMy5RH/
Score3/10 -
-
-
Target
languages/de.js
-
Size
53KB
-
MD5
f215a8e2f3c4e40c713a59e7c00a1340
-
SHA1
14c0019fa9d8ce79e0e499a8e1cb052557e8b35f
-
SHA256
9f01e1dd1f785ebf7703717034c68ec33a3886546690ad03cbaf51875e933721
-
SHA512
8c53848a9e7ff194812056c534bc0ce6ff10dbd2eeda141ee2bff56d887b6fb0f51e83dc62e7f73d06df33eea287690d57c341bc0f96260886b8cc86d984ebf6
-
SSDEEP
1536:peRRJ2vf8Y09puxIhzjZlSmvPavPCD+/lhu5ztVIRhCqMWW98/CYsQHWyEZ+KtfB:sBp5p9Bm2
Score3/10 -
-
-
Target
languages/el.js
-
Size
59KB
-
MD5
a4e01f5e3b7b134c266b5dabc71c1d12
-
SHA1
ceb0ecc70115a2f9883a7f11ce82c146239a51f0
-
SHA256
52234ad09dec3c0758de2689a6b15beff735b4d7e103a3e60fa4adb9f595da6c
-
SHA512
abefc4d7827a887bc3987b7233dd450943fc8b8e262d9d84d00689e00b2485a24294d25f0a64f95a95e9b2ba0a81ad55c025f06d723c50259f6daeffaae117e1
-
SSDEEP
1536:HeiAXiQCqAvnpkjchnr9VurzVQl3foUTzO/xm+hbMX2JyKh+h5JFB/CIQkYfbO1e:+3SQCRvnpGchnZV7JKKRHG
Score3/10 -
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
1