General

  • Target

    2f05f7d1ad04c1ab3a71b5f7d30df4fa_JaffaCakes118

  • Size

    303KB

  • Sample

    241009-lww7qa1cmf

  • MD5

    2f05f7d1ad04c1ab3a71b5f7d30df4fa

  • SHA1

    1bf10faa5af0efe5473d53a6a6f78a46cfd7e256

  • SHA256

    cf1399c3d0353a89a688f2241c81729ccddb5e445205abe8721b62940dccccb2

  • SHA512

    4e54be1f16746298504784cc88ccffba84f62fb3b57e432000c8657141480ffb27711d9e5da5c0cbdcba76cf5d06afb096545ccd229ab8d43441c5e964d79d68

  • SSDEEP

    6144:X26oGcFo42LAgV8LLyrTEzh98wNry/fn:yGcyLAgVOhw

Malware Config

Targets

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Windows security modification

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks