General
-
Target
2835151c3d98067e05022d71aef97afa_JaffaCakes118
-
Size
864KB
-
Sample
241009-bhhgasxann
-
MD5
2835151c3d98067e05022d71aef97afa
-
SHA1
08691940e3b30ae2279df40418ec776343bb7d23
-
SHA256
82a6b13fe354c934550e972432c60df741240268c4cc567355633a3de9780ad5
-
SHA512
c2308431e76657fd59a28c2544c930c53d1669844f6a8143c1fe296ca50c34856ad67076124da28c61fec4dc56644bf876c7cb2e9a9b9b0107491b511a56e071
-
SSDEEP
24576:FC3vGDckN06bu0/HpZTvHUR7lpBMMMCZSpR9:I/GDco7uQHzHURJpBMMMCZSpR9
Malware Config
Targets
-
-
Target
2835151c3d98067e05022d71aef97afa_JaffaCakes118
-
Size
864KB
-
MD5
2835151c3d98067e05022d71aef97afa
-
SHA1
08691940e3b30ae2279df40418ec776343bb7d23
-
SHA256
82a6b13fe354c934550e972432c60df741240268c4cc567355633a3de9780ad5
-
SHA512
c2308431e76657fd59a28c2544c930c53d1669844f6a8143c1fe296ca50c34856ad67076124da28c61fec4dc56644bf876c7cb2e9a9b9b0107491b511a56e071
-
SSDEEP
24576:FC3vGDckN06bu0/HpZTvHUR7lpBMMMCZSpR9:I/GDco7uQHzHURJpBMMMCZSpR9
Score7/10-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
2Credentials from Web Browsers
1Windows Credential Manager
1Unsecured Credentials
2Credentials In Files
1Credentials in Registry
1