General
-
Target
2fb210fc80a0a54afe563623baf05d1a_JaffaCakes118
-
Size
1.4MB
-
Sample
241009-msfw1awaqc
-
MD5
2fb210fc80a0a54afe563623baf05d1a
-
SHA1
12776be02887a0be324672fe51305f31a6d41d95
-
SHA256
603dbc050611cfd4d6c4db002522df9a0fe23e2d3b3ccdbcbbb63c45080dc245
-
SHA512
21b15a5547e38cf09a9a8de4fc4ebcac5588401a09e184651cf214009370eeb9877208b298ff34230a43e19606437158f2355661bab94d3596643b14a8ec4a31
-
SSDEEP
3072:fppouA9M6YlPlLP/UGKVDe69rLm4nkQ2cO1DaGwk0Jo/9TtNzT+MmlRiljFggOZf:fgV07hOZWWugxf
Malware Config
Targets
-
-
Target
2fb210fc80a0a54afe563623baf05d1a_JaffaCakes118
-
Size
1.4MB
-
MD5
2fb210fc80a0a54afe563623baf05d1a
-
SHA1
12776be02887a0be324672fe51305f31a6d41d95
-
SHA256
603dbc050611cfd4d6c4db002522df9a0fe23e2d3b3ccdbcbbb63c45080dc245
-
SHA512
21b15a5547e38cf09a9a8de4fc4ebcac5588401a09e184651cf214009370eeb9877208b298ff34230a43e19606437158f2355661bab94d3596643b14a8ec4a31
-
SSDEEP
3072:fppouA9M6YlPlLP/UGKVDe69rLm4nkQ2cO1DaGwk0Jo/9TtNzT+MmlRiljFggOZf:fgV07hOZWWugxf
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Suspicious use of SetThreadContext
-