General
- Target: fb317b990f2f41f7de3a4be4d67db9b2_JaffaCakes118
- Size: 160KB
- Sample: 240928-a3nndaxhnl
- MD5: fb317b990f2f41f7de3a4be4d67db9b2
- SHA1: 3890c26a6052090c88c953b01a69b7e19439442b
- SHA256: 5d779261d7787da657d9e77b3dee4a4371f3f5432592ad8c60e8863209f2285c
- SHA512: c9efcca432a770e06877d51f4fec58412a569c9ee5a335d2d5ff6b2f1c9185b8a6e5cfb7e1ee279401b8716f71be996633bc87b2f420c64c21441b7539094986
- SSDEEP: 3072:m6cpbetNSe92q0158JUMD3cvC5qrI/q07:m6cBetke92q458qYKCwrR07
Static task
- static1
Behavioral task
- behavioral1
  - Sample: fb317b990f2f41f7de3a4be4d67db9b2_JaffaCakes118.exe
  - Resource: win7-20240704-en
Behavioral task
- behavioral2
  - Sample: fb317b990f2f41f7de3a4be4d67db9b2_JaffaCakes118.exe
  - Resource: win10v2004-20240802-en
Malware Config
Targets
- Target: fb317b990f2f41f7de3a4be4d67db9b2_JaffaCakes118
- Size: 160KB
- MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General above
- Grants admin privileges: Uses net.exe to modify the user's privileges.
- Blocklisted process makes network request
- Server Software Component: Terminal Services DLL
- Credentials from Password Stores: Windows Credential Manager. Suspicious access to Credentials History.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Indicator Removal: File Deletion. Adversaries may delete files left behind by the actions of their intrusion activity.
- Drops file in System32 directory
- Enumerates processes with tasklist
MITRE ATT&CK Enterprise v15 (number of matching signatures in parentheses)
Persistence
- Account Manipulation (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Server Software Component (1)
  - Terminal Services DLL (1)
Privilege Escalation
- Account Manipulation (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
Credential Access
- Credentials from Password Stores (2)
  - Credentials from Web Browsers (1)
  - Windows Credential Manager (1)
- Unsecured Credentials (1)
  - Credentials In Files (1)
Discovery
- Browser Information Discovery (1)
- Network Service Discovery (1)
- Network Share Discovery (1)
- Peripheral Device Discovery (1)
- Permission Groups Discovery (1)
  - Local Groups (1)
- Process Discovery (1)
- Query Registry (1)
- Remote System Discovery (2)
- System Information Discovery (3)
- System Location Discovery (1)
  - System Language Discovery (1)
- System Network Configuration Discovery (1)
  - Internet Connection Discovery (1)
- System Network Connections Discovery (1)