General
-
Target
f1bb608fc3469071c9e53176a8ed4b1c_JaffaCakes118
-
Size
4.7MB
-
Sample
240922-lcqktssdrf
-
MD5
f1bb608fc3469071c9e53176a8ed4b1c
-
SHA1
ce2566f17c0122c98aeb641cee58be6aa1713bf9
-
SHA256
954f8c802c2dff2bcd7712c2a7a89b1f566eb76d347a7f9cb3b4a2a21832dd45
-
SHA512
d2c848e16bb5654a429918bf2ac3f4703beed3593e53be2b1e0b397fe8a1772245ff7dce7faedb9d23fe8d84d152f1aa91dcfcf5f8fd9323d7f8a9683608cf04
-
SSDEEP
98304:Hziv6BKfqznyVk+y4LxwpYizyk1VuXNR2lD9tDoe1NGdWrzrzmYrK:mv6B7VYDk1VuTm9xoe+on
Behavioral task
behavioral1
Sample
f1bb608fc3469071c9e53176a8ed4b1c_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
f1bb608fc3469071c9e53176a8ed4b1c_JaffaCakes118
-
Size
4.7MB
-
MD5
f1bb608fc3469071c9e53176a8ed4b1c
-
SHA1
ce2566f17c0122c98aeb641cee58be6aa1713bf9
-
SHA256
954f8c802c2dff2bcd7712c2a7a89b1f566eb76d347a7f9cb3b4a2a21832dd45
-
SHA512
d2c848e16bb5654a429918bf2ac3f4703beed3593e53be2b1e0b397fe8a1772245ff7dce7faedb9d23fe8d84d152f1aa91dcfcf5f8fd9323d7f8a9683608cf04
-
SSDEEP
98304:Hziv6BKfqznyVk+y4LxwpYizyk1VuXNR2lD9tDoe1NGdWrzrzmYrK:mv6B7VYDk1VuTm9xoe+on
-
Taurus Stealer payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
2Credentials in Registry
1