General

  • Target

    0c5c70f2ed7ec1b49a592777340ecd2d_JaffaCakes118

  • Size

    487KB

  • Sample

    241002-zby3gavfmp

  • MD5

    0c5c70f2ed7ec1b49a592777340ecd2d

  • SHA1

    dc2acb0ff964e1269c2f5879573fca2653f1b66d

  • SHA256

    7692259c2ffabd717f0ca3c68702e8fabf6b3294b8a61ede5757d21834468a1c

  • SHA512

    5e22ad0463b636a13975eeddfdccd7c676cbdc63850b280247da011f139e415a5f03663e29a87a997ca90e2031dbd0acb89fa817d3943685e7cd66c46e6c7ba5

  • SSDEEP

    12288:m8is8q5pvWYM+tLdy1V7UqkBZDUhog6DaWUboSQ:NR7hdyvU3jOoxUu

Targets

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.

    • ISR Stealer payload

    • Detected Nirsoft tools

      Free NirSoft utilities, often abused by attackers, that can recover stored passwords, product keys, etc.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other secrets.

    • Accesses Microsoft Outlook accounts

      Reads stored Outlook account and profile data, consistent with the bundled MailPassView component.

    • Suspicious use of SetThreadContext

      Rewriting another thread's context is a common step in process hollowing, where a suspended process is redirected to run injected code.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
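
Two of the checks above are cheap to reproduce locally before trusting a sandbox verdict: confirm that the file on disk is the same sample (its digests should match the report) and look for the UPX section names and `UPX!` marker that the packer signature keys on. The script below is an added example, not code from the report or from the sandbox vendor; `build_minimal_pe` is a hypothetical helper that constructs a synthetic PE header so the parser can be exercised offline, and the section-table walk is a minimal hand-rolled reader rather than a full PE parser.

```python
import hashlib
import struct
import sys

# Digests listed in the report above; used to confirm a local file is this sample.
REPORT_HASHES = {
    "md5": "0c5c70f2ed7ec1b49a592777340ecd2d",
    "sha1": "dc2acb0ff964e1269c2f5879573fca2653f1b66d",
    "sha256": "7692259c2ffabd717f0ca3c68702e8fabf6b3294b8a61ede5757d21834468a1c",
    "sha512": "5e22ad0463b636a13975eeddfdccd7c676cbdc63850b280247da011f139e415a5f0"
              "3663e29a87a997ca90e2031dbd0acb89fa817d3943685e7cd66c46e6c7ba5",
}


def file_hashes(data: bytes) -> dict:
    """Return the same four digests the report lists, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> dict:
    """Map each digest name to whether the computed value equals the reported one."""
    computed = file_hashes(data)
    return {name: computed[name] == REPORT_HASHES[name] for name in REPORT_HASHES}


def pe_section_names(data: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table and
    return the section names with their null padding stripped."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image: missing MZ")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("bad PE signature at e_lfanew")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)   # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)      # SizeOfOptionalHeader
    table = coff + 20 + opt_size                                 # first IMAGE_SECTION_HEADER
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40: table + i * 40 + 8]           # Name is the first 8 bytes
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.split(b"\x00", 1)[0].decode("ascii", "replace"))
    return names


def upx_indicators(data: bytes) -> list:
    """Collect evidence of UPX packing: UPX-named sections and the 'UPX!' stub marker."""
    evidence = [f"section {n}" for n in pe_section_names(data) if n.upper().startswith("UPX")]
    if b"UPX!" in data:
        evidence.append("UPX! marker")
    return evidence


def build_minimal_pe(section_names, trailer: bytes = b"") -> bytes:
    """Hypothetical helper: construct a header-only PE (not loadable) with the given
    section names, so the parser above can be tested without a real sample."""
    e_lfanew = 0x40
    dos = (b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\x00")
    # Machine=i386, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader=0, Characteristics=EXECUTABLE|32BIT
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x0102)
    sections = b"".join(
        name.encode("ascii")[:8].ljust(8, b"\x00") + b"\x00" * 32 for name in section_names
    )
    return dos + b"PE\x00\x00" + coff + sections + trailer


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:  # constructed stand-in when no sample path is supplied
        blob = build_minimal_pe(["UPX0", "UPX1", ".rsrc"], trailer=b"\x00UPX!\x00")
    for name, digest in file_hashes(blob).items():
        print(f"{name:6} {digest}")
    print("matches report:", matches_report(blob))
    print("sections:      ", pe_section_names(blob))
    print("UPX indicators:", upx_indicators(blob))
```

Run it as `python check_sample.py <file>`; every entry in `matches_report` should be True for the sample this report describes. A miss on `upx_indicators` is not proof of an unpacked binary: modified UPX builds routinely rename the sections and strip the `UPX!` marker, which is exactly why the sandbox signature says "UPX/modified UPX" and matches on the unpacking stub as well.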

MITRE ATT&CK Enterprise v15
