General
-
Target
f63636da8137f975b4bff48693b77326_JaffaCakes118
-
Size
972KB
-
Sample
240925-rstv3szglm
-
MD5
f63636da8137f975b4bff48693b77326
-
SHA1
2f358bde65babd5c3b594bcc00292385ef32c38e
-
SHA256
939bc48327fb206b782b823dd226484610ee9c0d2ea1031994ca1adcce58acf2
-
SHA512
363b700b90121b0fe896e1cfb92c63d097c730c3d28241faa8f9d72cd13b0a4a89f392301ac8c90643d3bed38d13d45ddab68aad0fb8bd783d07261357f59155
-
SSDEEP
12288:e3iR/Sxzz6gJx4cpWKfsmHP5a1KZi2VXbg3PnU04vdotiuB+W8l1Io:YioJxnpWKfsEP5a1KcyXbg3PnCs+/HI
Malware Config
Targets
-
-
Target
f63636da8137f975b4bff48693b77326_JaffaCakes118
-
Size
972KB
-
MD5
f63636da8137f975b4bff48693b77326
-
SHA1
2f358bde65babd5c3b594bcc00292385ef32c38e
-
SHA256
939bc48327fb206b782b823dd226484610ee9c0d2ea1031994ca1adcce58acf2
-
SHA512
363b700b90121b0fe896e1cfb92c63d097c730c3d28241faa8f9d72cd13b0a4a89f392301ac8c90643d3bed38d13d45ddab68aad0fb8bd783d07261357f59155
-
SSDEEP
12288:e3iR/Sxzz6gJx4cpWKfsmHP5a1KZi2VXbg3PnU04vdotiuB+W8l1Io:YioJxnpWKfsEP5a1KcyXbg3PnCs+/HI
Score7/10-
Deletes itself
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
4Credentials In Files
4