General

  • Target

    fe4a4e8e594456960f7abf7838a7133d_JaffaCakes118

  • Size

    311KB

  • Sample

    240929-l1qwhasdqc

  • MD5

    fe4a4e8e594456960f7abf7838a7133d

  • SHA1

    153996e2f4523d187c6b1e7f4c1d2e3ff99fe53a

  • SHA256

    afdc6ad352071c74d625db103fc29d683c0d435e59a583105365c95b1f2707f3

  • SHA512

    18319e0ad5b5c0de22ac4d4302ee29efc026291cc470912d40fe0b2ab9aa36fce6978dc053108684c8c3ffda87427400e2f9abe0b90b74fa494617e4fa32d2df

  • SSDEEP

    6144:P53mOE5G9LNFeDcl99RxyojknbKKadPsNlTJZbTzJ2:P5eaz3jJK2PkbTzJ2

Malware Config

Targets

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile information.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks