General
-
Target
f57367d418a00fb1535d3f30839f5590_JaffaCakes118
-
Size
848KB
-
Sample
240925-hsp3fs1frn
-
MD5
f57367d418a00fb1535d3f30839f5590
-
SHA1
480d4c97bd5335eafd367d8f5bd7ccfe2e1d9ee1
-
SHA256
c7ff39961ce9062dc88b4bfd32cf4d92e473239b5705e1692234563eb0565dc6
-
SHA512
eaf59ac2f0aea5fe4ec32858cb0c81972e08ec855b200718e9c35c7053c953cf38ab417defce4a539aa5ecced575ea6bdccbba662d13b5dddd69ca9ea5828837
-
SSDEEP
24576:Vdq1vtGMrxWAsh/2pWwnZ4vI5KwHPxSi:VcvtGA5sMN48KwHJ
Malware Config
Targets
-
-
Target
f57367d418a00fb1535d3f30839f5590_JaffaCakes118
-
Size
848KB
-
MD5
f57367d418a00fb1535d3f30839f5590
-
SHA1
480d4c97bd5335eafd367d8f5bd7ccfe2e1d9ee1
-
SHA256
c7ff39961ce9062dc88b4bfd32cf4d92e473239b5705e1692234563eb0565dc6
-
SHA512
eaf59ac2f0aea5fe4ec32858cb0c81972e08ec855b200718e9c35c7053c953cf38ab417defce4a539aa5ecced575ea6bdccbba662d13b5dddd69ca9ea5828837
-
SSDEEP
24576:Vdq1vtGMrxWAsh/2pWwnZ4vI5KwHPxSi:VcvtGA5sMN48KwHJ
Score8/10-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1