General
-
Target
2a6b79d2d8c78d9a6d5f63d203746153_JaffaCakes118
-
Size
218KB
-
Sample
241009-ejadvsxgmc
-
MD5
2a6b79d2d8c78d9a6d5f63d203746153
-
SHA1
86ee77ac3d94e1a7808aa0aea553fa8ec81ae4e6
-
SHA256
63362870ddc6f6f06a3f59415006ac48975cca308c4b285a63851dcbb8b295c4
-
SHA512
cd1ee1c432016c5070ce57d4264738617d9e2a43b606991434fa5b9ebf479a1031b26a452e14cdfbf05b4d15a9574164c42ea8cf88fc6717fef7f867b99dc246
-
SSDEEP
6144:A/6zy3sq8j1/EKd4ReLZkouP5F6wUEzErL6xPh:0hsq8j9d4sOouRAVE0L
Malware Config
Targets
-
-
Target
2a6b79d2d8c78d9a6d5f63d203746153_JaffaCakes118
-
Size
218KB
-
MD5
2a6b79d2d8c78d9a6d5f63d203746153
-
SHA1
86ee77ac3d94e1a7808aa0aea553fa8ec81ae4e6
-
SHA256
63362870ddc6f6f06a3f59415006ac48975cca308c4b285a63851dcbb8b295c4
-
SHA512
cd1ee1c432016c5070ce57d4264738617d9e2a43b606991434fa5b9ebf479a1031b26a452e14cdfbf05b4d15a9574164c42ea8cf88fc6717fef7f867b99dc246
-
SSDEEP
6144:A/6zy3sq8j1/EKd4ReLZkouP5F6wUEzErL6xPh:0hsq8j9d4sOouRAVE0L
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
4Credentials In Files
4