General
-
Target
2fd81e11da64e9f899eba6690499c343_JaffaCakes118
-
Size
992KB
-
Sample
241009-mzdefswhre
-
MD5
2fd81e11da64e9f899eba6690499c343
-
SHA1
740995e8b85aeaad6fe85b0f1f81950c37af13ca
-
SHA256
5db36a78bff50008e9049aaeade8d4cfd43e65b400e2a4b140994740495ad176
-
SHA512
419bf4cbbfd9a411d49a2d96a13c805a837fe95a3f4c55364e13c39e322d7c1b3bcb58c73c54dc0fa0a16701f585e5f98c176eb39c345df4a53e5448ce880c59
-
SSDEEP
24576:yqHQjezY3bBsBrdltT77/1cVdplnx2TYMl1lls:yqwyLrT72VdHWls
Malware Config
Targets
-
-
Target
2fd81e11da64e9f899eba6690499c343_JaffaCakes118
-
Size
992KB
-
MD5
2fd81e11da64e9f899eba6690499c343
-
SHA1
740995e8b85aeaad6fe85b0f1f81950c37af13ca
-
SHA256
5db36a78bff50008e9049aaeade8d4cfd43e65b400e2a4b140994740495ad176
-
SHA512
419bf4cbbfd9a411d49a2d96a13c805a837fe95a3f4c55364e13c39e322d7c1b3bcb58c73c54dc0fa0a16701f585e5f98c176eb39c345df4a53e5448ce880c59
-
SSDEEP
24576:yqHQjezY3bBsBrdltT77/1cVdplnx2TYMl1lls:yqwyLrT72VdHWls
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Suspicious use of SetThreadContext
-