General

  • Target

    2ec55ecdc4a32ad646c2ad1eb09c9bca_JaffaCakes118

  • Size

    1.6MB

  • Sample

    241009-lj4e9svdmq

  • MD5

    2ec55ecdc4a32ad646c2ad1eb09c9bca

  • SHA1

    27d883703e3035f72ea808502cec36f5ee22c381

  • SHA256

    0622156672128934ab17a1c63221a5b2011e22318f25609d0cc5f442e1743dc1

  • SHA512

    3d4a62cd8808cf201d6dd3aee25c18487588b8b2becc90468c96cf124246c4b07ba21a854e2f9c74d4e8988e3127d1390eb4c186c3f911248bded48559475bc7

  • SSDEEP

    24576:OPHnNEK7vaXDgPdVLsMPo1n07+atcoi5i26SNGrqfcEy076CqPBfO7XZQDVeXs:qNUgPdVLFwB0Pt5ov6+fCK6CMteqP

Malware Config

Targets


    • Detected NirSoft tools

      Free NirSoft utilities are bundled by attackers to recover stored passwords, product keys and similar secrets from the victim machine.

    • NirSoft MailPassView

      Password recovery tool for various email clients; when dropped by a stealer it serves as a ready-made credential dumper.

    • Executes dropped EXE

      Writes an executable to disk and runs it.

    • Loads dropped DLL

      Loads a library that the sample itself wrote to disk.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Unsecured Credentials: Credentials In Files (ATT&CK T1552.001)

      Reads credentials that applications leave in configuration or data files on disk.

    • Accesses Microsoft Outlook accounts

      Reads the profile data where Outlook keeps account settings, consistent with the bundled MailPassView.

    • Drops file in System32 directory

      Writes into %SystemRoot%\System32, which needs elevated rights and is a common location for masquerading and persistence.

    • Suspicious use of SetThreadContext

      Rewriting another thread's register context is a characteristic step of process hollowing and related code-injection techniques.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build (section names and packer header patched, so stock `upx -d` may refuse to unpack).
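The UPX signature keys on section names and the packer header, but the "modified UPX" case is exactly the one where those are patched. The following is an added example, not part of the report or of the sandbox's own detection: a minimal PE section-table parser that reports the standard UPX indicators (UPX0/UPX1 section names, the "UPX!" packer magic) plus a layout heuristic that survives renaming: UPX's first section is the decompression destination and has no raw data on disk but a large virtual size. The PE blob it parses is constructed inline so the script runs offline; no bytes of the sample are reproduced here.

```python
import struct
from typing import List, Tuple


def build_minimal_pe(sections: List[Tuple[bytes, int, int]], tail: bytes = b"") -> bytes:
    """Constructed test input: a PE skeleton (DOS header, PE signature,
    COFF header, zeroed PE32 optional header, section table). It has no
    code and is only meant to exercise the parser below.
    sections: (name, VirtualSize, SizeOfRawData) per entry."""
    opt_size = 224                                           # PE32 optional header
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 64)       # e_lfanew at 0x3C -> 64
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\x00" * (opt_size - 2)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\x00"), vsize, 0x1000, rsize,
                    0, 0, 0, 0, 0, 0x60000020)
        for name, vsize, rsize in sections
    )
    return dos + b"PE\x00\x00" + coff + opt + table + tail


def pe_sections(data: bytes) -> List[Tuple[str, int, int]]:
    """Return (name, VirtualSize, SizeOfRawData) for each section header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file (missing MZ header)")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("not a PE file (missing PE signature)")
    # COFF header follows the 4-byte signature: NumberOfSections at +2,
    # SizeOfOptionalHeader at +16; the section table follows the optional header.
    nsections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size
    out = []
    for i in range(nsections):
        name, vsize, _va, rsize = struct.unpack_from("<8sIII", data, table + 40 * i)
        out.append((name.rstrip(b"\x00").decode("ascii", "replace"), vsize, rsize))
    return out


def upx_indicators(data: bytes) -> List[str]:
    """List the reasons a file looks UPX-packed; empty list means none found."""
    reasons = []
    secs = pe_sections(data)
    for name, _vsize, _rsize in secs:
        if name.startswith("UPX"):
            reasons.append(f"section named {name}")
    if b"UPX!" in data:
        reasons.append("'UPX!' packer magic present")
    # Renamed sections still leave the layout behind: the first section is
    # the unpack destination, so it has no bytes on disk but a large VirtualSize.
    if secs and secs[0][2] == 0 and secs[0][1] > 0:
        reasons.append(
            f"first section {secs[0][0] or '<unnamed>'} has no raw data "
            f"but {secs[0][1]:#x} bytes of virtual size"
        )
    return reasons


if __name__ == "__main__":
    stock = build_minimal_pe([(b"UPX0", 0x20000, 0), (b"UPX1", 0x8000, 0x7800),
                              (b".rsrc", 0x1000, 0x800)], tail=b"UPX!")
    renamed = build_minimal_pe([(b".text", 0x20000, 0), (b".data", 0x8000, 0x7800)])
    clean = build_minimal_pe([(b".text", 0x1000, 0x1000), (b".data", 0x200, 0x200)])
    for label, blob in (("stock UPX", stock), ("renamed UPX", renamed), ("clean", clean)):
        print(label, "->", upx_indicators(blob) or "no UPX indicators")
```

Run it against a real file with `upx_indicators(open(path, "rb").read())`. The name and magic checks are what a stock-UPX signature does; the layout heuristic is the one to keep when the names have been patched, and it is also what tells you that `upx -d` will not work and a memory dump after the unpacking stub runs is the practical route.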
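Two of the signatures above, the FTP client data files one and Credentials In Files, describe the same thing: FileZilla keeps site credentials in `%APPDATA%\FileZilla\sitemanager.xml` (and recent connections in `recentservers.xml`), readable by any process running as the user. As an added example, not from the report, here is an inventory script that shows what a stealer reading that file obtains. The XML below is constructed for the example and follows the layout of FileZilla 3's site manager file as assumed here (Host/Port/User/Pass children of each Server, password base64-encoded); base64 is encoding, not protection.

```python
import base64
import xml.etree.ElementTree as ET
from typing import Dict, List

# Constructed sitemanager.xml for the example; not taken from any real machine.
SAMPLE_SITEMANAGER = """<?xml version="1.0" encoding="UTF-8"?>
<FileZilla3 version="3.66.4" platform="windows">
  <Servers>
    <Server>
      <Host>ftp.example.test</Host>
      <Port>21</Port>
      <User>deploy</User>
      <Pass encoding="base64">cGFzc3dvcmQ=</Pass>
      <Name>Prod upload</Name>
    </Server>
    <Server>
      <Host>sftp.example.test</Host>
      <Port>22</Port>
      <User>backup</User>
      <Logontype>5</Logontype>
      <Name>Key-based (no stored password)</Name>
    </Server>
  </Servers>
</FileZilla3>
"""


def exposed_credentials(xml_text: str) -> List[Dict[str, str]]:
    """Return every site entry that carries a recoverable password.
    Entries without a Pass element (key-based or interactive logon) are skipped,
    since there is nothing on disk for a stealer to take."""
    root = ET.fromstring(xml_text)
    found = []
    for server in root.iter("Server"):
        pass_el = server.find("Pass")
        if pass_el is None or not (pass_el.text or "").strip():
            continue
        secret = pass_el.text.strip()
        if pass_el.get("encoding") == "base64":
            # Assumption: FileZilla 3 stores the password base64-encoded, not encrypted.
            secret = base64.b64decode(secret).decode("utf-8", "replace")
        found.append({
            "name": server.findtext("Name", ""),
            "host": server.findtext("Host", ""),
            "port": server.findtext("Port", ""),
            "user": server.findtext("User", ""),
            "password": secret,
        })
    return found


if __name__ == "__main__":
    for entry in exposed_credentials(SAMPLE_SITEMANAGER):
        print(f"{entry['name']}: {entry['user']}@{entry['host']}:{entry['port']} "
              f"password={entry['password']!r}")
```

Run it on your own profile with `exposed_credentials(open(path, encoding="utf-8").read())` to see what this sample would have collected. The only entries that come back empty are the ones using key-based or interactive logon, which is the mitigation the ATT&CK entry points at: do not let the client persist the password at all.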

MITRE ATT&CK Enterprise v15

Tasks