General
-
Target
25ee56a83e55e01ab94c98b1512fbb67_JaffaCakes118
-
Size
1.2MB
-
Sample
241008-1n2vkatgqd
-
MD5
25ee56a83e55e01ab94c98b1512fbb67
-
SHA1
2906f58b6428450c7e17d44cc7ea5a97c7eca527
-
SHA256
ffb5becce9a62f444543ed2d0dc5ba8356ddb1c8085af1c9b92b456337c5a796
-
SHA512
57ea47ad0a46104f22e19eb20da3f758b2f2a4f61a72f664290dca006ea4d8d72c2e9e76618da695ae5653aecf3bc0f4cacee36efaef8ae7c5b55191f3f6b836
-
SSDEEP
24576:h1OYdaObIEMNRZbkXIyx0jPohfjOyBu9hyHH8+UhnWb3aQ7:h1OsSEMNRZbkXIyx0jPKJuvyHH8hWGQ7
Malware Config
Targets
-
-
Target
25ee56a83e55e01ab94c98b1512fbb67_JaffaCakes118
-
Size
1.2MB
-
MD5
25ee56a83e55e01ab94c98b1512fbb67
-
SHA1
2906f58b6428450c7e17d44cc7ea5a97c7eca527
-
SHA256
ffb5becce9a62f444543ed2d0dc5ba8356ddb1c8085af1c9b92b456337c5a796
-
SHA512
57ea47ad0a46104f22e19eb20da3f758b2f2a4f61a72f664290dca006ea4d8d72c2e9e76618da695ae5653aecf3bc0f4cacee36efaef8ae7c5b55191f3f6b836
-
SSDEEP
24576:h1OYdaObIEMNRZbkXIyx0jPohfjOyBu9hyHH8+UhnWb3aQ7:h1OsSEMNRZbkXIyx0jPKJuvyHH8hWGQ7
Score7/10-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops Chrome extension
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
MITRE ATT&CK Enterprise v15
Persistence
Browser Extensions
1Event Triggered Execution
1Component Object Model Hijacking
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1