General
-
Target
316bafd720c60b77423c4828e2922688_JaffaCakes118
-
Size
805KB
-
Sample
241010-xvgw7axbqq
-
MD5
316bafd720c60b77423c4828e2922688
-
SHA1
a7b704111cff578900788b54736f5585f40e528c
-
SHA256
ac03c2fcab8f3e75954e71cf39411556e01d09dc58e269a37dd8626a44e5f955
-
SHA512
9a32855dd3948d61cf279ace9caf3e070f11bebb25a982551f25e698b7daa20568b56afd9c6f3a8172cf76fbd3caf018617e7a5e502b1b0be5646f7f6b2f4db2
-
SSDEEP
24576:H6ZaMWfpYZnnvr7Nkfl39mzjJ9WlsKuKnLaABdJV:a0tRavt+l3gjDWlshELaQdv
Malware Config
Targets
-
-
Target
316bafd720c60b77423c4828e2922688_JaffaCakes118
-
Size
805KB
-
MD5
316bafd720c60b77423c4828e2922688
-
SHA1
a7b704111cff578900788b54736f5585f40e528c
-
SHA256
ac03c2fcab8f3e75954e71cf39411556e01d09dc58e269a37dd8626a44e5f955
-
SHA512
9a32855dd3948d61cf279ace9caf3e070f11bebb25a982551f25e698b7daa20568b56afd9c6f3a8172cf76fbd3caf018617e7a5e502b1b0be5646f7f6b2f4db2
-
SSDEEP
24576:H6ZaMWfpYZnnvr7Nkfl39mzjJ9WlsKuKnLaABdJV:a0tRavt+l3gjDWlshELaQdv
Score7/10-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
2Credentials from Web Browsers
1Windows Credential Manager
1Unsecured Credentials
2Credentials In Files
1Credentials in Registry
1