General

  • Target

    305f37807bec7afd8e310b1334e63b5c_JaffaCakes118

  • Size

    173KB

  • Sample

    241010-rx93vswcln

  • MD5

    305f37807bec7afd8e310b1334e63b5c

  • SHA1

    18253edd3c6799c3a58d4e1461932a442a90ff8f

  • SHA256

    5334aaef334167fc6ff2c3eae74982f4818bd609168f9f38b5ad3504db0a7480

  • SHA512

    0eecdffe24eba134241e9815b3f5b46cffd1b74a1fab9a8bfdca03aa9c63fc698f6f6af26c9cf0729c1a7a397136f1a987ca2b8c5dcd6209f33e154feaa5f444

  • SSDEEP

    3072:P+bzgbUy8RvsIz7JD2F0j4D1t53zVQRkVEJhX/4mVwujNQnc4CKH:mbzao0g7oF0j45t53zyVfX//VwWN4cs

Malware Config

Targets

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Windows security modification

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks