General

  • Target

    2eed52c3878912953cb4306b8949d86f_JaffaCakes118

  • Size

    92KB

  • Sample

    241009-lrgw8szgkc

  • MD5

    2eed52c3878912953cb4306b8949d86f

  • SHA1

    16547a49a3deb6d6259174d358286d7236330e85

  • SHA256

    c7ea1fdfcb2e698a7095024bc1df8843806bd38836c95b49737400b3544f29ee

  • SHA512

    39a55c6c4937878d309eb00a453bc71a913900fc05460fd2641a887e35d8cb217f1b92b01a35928b398d7ee57158a8af6c3b841cb94ea34683317e708306fa67

  • SSDEEP

    1536:MUqiL7yqsnIwDO+wFo+gUGOtwrrL9aP27dfEJb5:HPyqsIYOGSGowrrL9o2he5

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.gmail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    123code123

Targets

    • Target

      2eed52c3878912953cb4306b8949d86f_JaffaCakes118

    • Size

      92KB

    • MD5

      2eed52c3878912953cb4306b8949d86f

    • SHA1

      16547a49a3deb6d6259174d358286d7236330e85

    • SHA256

      c7ea1fdfcb2e698a7095024bc1df8843806bd38836c95b49737400b3544f29ee

    • SHA512

      39a55c6c4937878d309eb00a453bc71a913900fc05460fd2641a887e35d8cb217f1b92b01a35928b398d7ee57158a8af6c3b841cb94ea34683317e708306fa67

    • SSDEEP

      1536:MUqiL7yqsnIwDO+wFo+gUGOtwrrL9aP27dfEJb5:HPyqsIYOGSGowrrL9o2he5

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks