General

  • Target

    fa2f3ffb34db747f9e0f71db54366828_JaffaCakes118

  • Size

    8.8MB

  • Sample

    240927-ltz6lawgkm

  • MD5

    fa2f3ffb34db747f9e0f71db54366828

  • SHA1

    bce3c4f26fe9620689bd789eb289bddb95b13c07

  • SHA256

    7a9c0e726aa4db17aeec45f63425219a098756dc6a434c084853c98e3d4ec9eb

  • SHA512

    44d22f63e5d8bea4411da3d3f224fc468b798032b967ac73ec38cdb14bd6f5bab7014b2e82aad442cba302b60b5f18e1df3d1f49c54c60dee44c5e4dee6d7dde

  • SSDEEP

    196608:64wb69bPe3Fd+FPhQVjFA7t2RHfYlQZJgTamGcBiG:64AqL7h6AWHf3A

Malware Config

Targets

    • Target

      fa2f3ffb34db747f9e0f71db54366828_JaffaCakes118

    • Size

      8.8MB

    • MD5

      fa2f3ffb34db747f9e0f71db54366828

    • SHA1

      bce3c4f26fe9620689bd789eb289bddb95b13c07

    • SHA256

      7a9c0e726aa4db17aeec45f63425219a098756dc6a434c084853c98e3d4ec9eb

    • SHA512

      44d22f63e5d8bea4411da3d3f224fc468b798032b967ac73ec38cdb14bd6f5bab7014b2e82aad442cba302b60b5f18e1df3d1f49c54c60dee44c5e4dee6d7dde

    • SSDEEP

      196608:64wb69bPe3Fd+FPhQVjFA7t2RHfYlQZJgTamGcBiG:64AqL7h6AWHf3A

    • Detects Strela Stealer payload

    • Strela stealer

      An info stealer targeting mail credentials first seen in late 2022.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/IceDragonPlugin.dll

    • Size

      2.1MB

    • MD5

      0f5f24058e46a85d65f35d856e063ddb

    • SHA1

      5dbefd4a5705c9edaa85c930b297929fd9abb2ba

    • SHA256

      e01e1e6d73392a90973e60d384c88855de05f8024c76ab1a94229a87191f2029

    • SHA512

      636653a1a98715d58b8b7a1be917dc470f9c660f75710908cb3caa9c03d2a9b5b3bc6fa0514a28d18873df39aa18151417bdb55e0e655ee21fb1595cf6a9830d

    • SSDEEP

      49152:VgAKpuiJ74tbytjU08Amwb9bPeGDDu0rkFd+FKnTbTyLyy:t4uiJ7ib6LNm8bPeeDu04Fd+FK

    • Score

      3/10

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      4cb36c62157fe5bf48aa7f20bc0a9eb0

    • SHA1

      ca194fb9ab75fbf23a0eb0814fd44996b5959210

    • SHA256

      a4774fa2602702951839d3d3a593f3b39e71e14c3fbab77bf6274935924d755b

    • SHA512

      fd141c0b8ead070b2b266344ad6e804df24a2dd578f78285ece6e003de35b4dfdac1ebbcc0ce2ca6f0a4e5673fc0e26639dcc5073e4e474d4ddcca9c6f978cdd

    • SSDEEP

      192:24n3T5aK+dHCMR1aQR9RuZl3WWmU7WYZsw1JpVGnrjJK72dwF7dBOne:Xn3T5KdHCMRD/R1cOnrjJ+BO

    • Score

      3/10

    • Target

      $PLUGINSDIR/NSIS_SkinCrafter_Plugin.dll

    • Size

      5.8MB

    • MD5

      bad139a2d8491896ce10ee8e4e55a921

    • SHA1

      4346289950aa9b547d96553ced684b6a05af0234

    • SHA256

      363e9c63b62d61ff3dd5f3cb1de5d9c2320c95787ae0a30035c19f01adebb0c3

    • SHA512

      7ba1908909237986c573244743f4632dde72da9f708c151879102633f7bd7cffbaf1f79b3bb3797952304248aae9dd984f6a07a9dbf6433cc5b2d7f72ee80e15

    • SSDEEP

      98304:Oj0Kg9frmFcqlMZ4vpHfOVlQnzW4Aogn/oXFdAaTZ8GcB7d0:OjFA7t2RHfYlQZJgTamGcBi

    • Score

      3/10

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      4d3b19a81bd51f8ce44b93643a4e3a99

    • SHA1

      35f8b00e85577b014080df98bd2c378351d9b3e9

    • SHA256

      fda0018ab182ac6025d2fc9a2efcce3745d1da21ce5141859f8286cf319a52ce

    • SHA512

      b2ba9c961c0e1617f802990587a9000979ab5cc493ae2f8ca852eb43eeaf24916b0b29057dbff7d41a1797dfb2dce3db41990e8639b8f205771dbec3fd80f622

    • SSDEEP

      192:BPtkumJX7zB22kGwfy0mtVgkCPOse1un:u702k5qpdseQn

    • Score

      3/10

    • Target

      $PLUGINSDIR/nsProcess.dll

    • Size

      4KB

    • MD5

      05450face243b3a7472407b999b03a72

    • SHA1

      ffd88af2e338ae606c444390f7eaaf5f4aef2cd9

    • SHA256

      95fe9d92512ff2318cc2520311ef9145b2cee01209ab0e1b6e45c7ce1d4d0e89

    • SHA512

      f4cbe30166aff20a226a7150d93a876873ba699d80d7e9f46f32a9b4753fa7966c3113a3124340b39ca67a13205463a413e740e541e742903e3f89af5a53ad3b

    • Score

      3/10

    • Target

      $PLUGINSDIR/registry.dll

    • Size

      24KB

    • MD5

      2b7007ed0262ca02ef69d8990815cbeb

    • SHA1

      2eabe4f755213666dbbbde024a5235ddde02b47f

    • SHA256

      0b25b20f26de5d5bd795f934c70447112b4981343fcb2dfab3374a4018d28c2d

    • SHA512

      aa75ee59ca0b8530eb7298b74e5f334ae9d14129f603b285a3170b82103cfdcc175af8185317e6207142517769e69a24b34fcdf0f58ed50a4960cbe8c22a0aca

    • SSDEEP

      384:W2mvyNjH3rPnAZ4wu2QbnC7qB7PnrvScaeYA4CIDEge/QqL2AQ:/75w/OfrzB4CUxuQfA

    • Score

      3/10

    • Target

      $PLUGINSDIR/version.dll

    • Size

      6KB

    • MD5

      ebc5bb904cdac1c67ada3fa733229966

    • SHA1

      3c6abfa0ddef7f3289f38326077a5041389b15d2

    • SHA256

      3eba921ef649b71f98d9378dee8105b38d2464c9ccde37a694e4a0cd77d22a75

    • SHA512

      fa71afcc166093fbd076a84f10d055f5a686618711d053ab60d8bd060e78cb2fdc15fa35f363822c9913413251c718d01ddd6432ab128816d98f9aabf5612c9f

    • SSDEEP

      96:nPtMckE1e91BopVyXwUhn3f1I0vOKeoqO4d8QvS9:n1MMuOUhdI0c04yV9

    • Score

      5/10

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks