General
-
Target
133d5ac950ae2ff2df6f8df61e7443d8_JaffaCakes118
-
Size
1.2MB
-
Sample
241004-ny42fswfqg
-
MD5
133d5ac950ae2ff2df6f8df61e7443d8
-
SHA1
cb06409d410de6b8a89be36b0b08654afbb9eedc
-
SHA256
2b0262c5b7dece10ceb74b5a2214beb8c7eb50e78191134e81871d142f615580
-
SHA512
a9d6781aa16ef76607dcf27aa5c5b8988e1d6e7409ec527cfc12d1b4b8acd67a5943475a881f299a11d95a8e0a6a933140ee9cad33512e505b451cfc222c5f4a
-
SSDEEP
24576:h1OYdaO8gBZ/P0IEMNRZbkXIyx0jPohfjOyBu9hyHH8+UhnWb3aQA:h1OspEMNRZbkXIyx0jPKJuvyHH8hWGQA
Malware Config
Targets
-
-
Target
133d5ac950ae2ff2df6f8df61e7443d8_JaffaCakes118
-
Size
1.2MB
-
MD5
133d5ac950ae2ff2df6f8df61e7443d8
-
SHA1
cb06409d410de6b8a89be36b0b08654afbb9eedc
-
SHA256
2b0262c5b7dece10ceb74b5a2214beb8c7eb50e78191134e81871d142f615580
-
SHA512
a9d6781aa16ef76607dcf27aa5c5b8988e1d6e7409ec527cfc12d1b4b8acd67a5943475a881f299a11d95a8e0a6a933140ee9cad33512e505b451cfc222c5f4a
-
SSDEEP
24576:h1OYdaO8gBZ/P0IEMNRZbkXIyx0jPohfjOyBu9hyHH8+UhnWb3aQA:h1OspEMNRZbkXIyx0jPKJuvyHH8hWGQA
Score7/10-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops Chrome extension
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
MITRE ATT&CK Enterprise v15
Persistence
Browser Extensions
1Event Triggered Execution
1Component Object Model Hijacking
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1