General
-
Target
084a2ce309647224862ef3a3446942a7_JaffaCakes118
-
Size
83KB
-
Sample
241002-b22z2s1cjm
-
MD5
084a2ce309647224862ef3a3446942a7
-
SHA1
ab10b21cee7349886845d3555ac5eeec7aba4f02
-
SHA256
bbd610198c2025a8cbc3fbda8e5c8e4a2ab89c1a5e10f3fd35f72acbdde1ed27
-
SHA512
478616d17ce56aba188b01780506c8a457e18f4dfd6a94e31977685161cfbe517dab821b504bb39b0744f89184b2e2b81a6d9d6dea3a3b48b55cd863160610f4
-
SSDEEP
1536:6xQ+aJe1mgawzxsBub8PCn1jIHxATVG/U1Hne7/PFm/dtAyHS5mOgeLtLm5z2BZU:6xQ+aJe1mgawzxsBub861jIHxow/U1+G
Malware Config
Extracted
Protocol: ftp- Host:
ftpserver.esmartdesign.com - Port:
21 - Username:
saj0121 - Password:
amaan
Targets
-
-
Target
084a2ce309647224862ef3a3446942a7_JaffaCakes118
-
Size
83KB
-
MD5
084a2ce309647224862ef3a3446942a7
-
SHA1
ab10b21cee7349886845d3555ac5eeec7aba4f02
-
SHA256
bbd610198c2025a8cbc3fbda8e5c8e4a2ab89c1a5e10f3fd35f72acbdde1ed27
-
SHA512
478616d17ce56aba188b01780506c8a457e18f4dfd6a94e31977685161cfbe517dab821b504bb39b0744f89184b2e2b81a6d9d6dea3a3b48b55cd863160610f4
-
SSDEEP
1536:6xQ+aJe1mgawzxsBub8PCn1jIHxATVG/U1Hne7/PFm/dtAyHS5mOgeLtLm5z2BZU:6xQ+aJe1mgawzxsBub861jIHxow/U1+G
Score10/10-
Deletes itself
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-