General

  • Target

    1252c8d9d8101cba82ac58077b236ed9_JaffaCakes118

  • Size

    743KB

  • Sample

    241004-hvw9jsvbnf

  • MD5

    1252c8d9d8101cba82ac58077b236ed9

  • SHA1

    93088b414ed2c0f76085eaedf177340db2179e16

  • SHA256

    b4fe448064bd73c7c3d3d6e594fda0c29d59bbfc09d629e06d76ae4d101eeaf0

  • SHA512

    a1a6be67a83c286100631a3fbe12822adfb1e9f09c58da64d94a2c9b5046082f7e0bfafb25bc74aa60a4f0a1f7421e1e14fcf776a7d36cb97eda5ad2b19ad2cf

  • SSDEEP

    12288:SfUfEpv+lDZwJ+3rU/orUZoPEMscDQRYHKwcpJK1diHa2hM7GUYQ9lw8sc:bQmDZ33rUArUOPPQ6gudiOYQnX/

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    Smtp.gmail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    slapperz

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar stored data.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks