General
-
Target
39dfbdc595913049289f361352e20211_JaffaCakes118
-
Size
724KB
-
Sample
241012-n23ykatcrk
-
MD5
39dfbdc595913049289f361352e20211
-
SHA1
645e5d9dcf7ee54bae955229a3e4add839bad622
-
SHA256
d9dc8934801540d9f484992bf8bdd55c36a454ece6469de322546754832d4b20
-
SHA512
23792cb33d363abceff72aae812072f8e6f801338f45a16f99d49b054d6ec27539bc593b641e46415816c5012de9bf5d7bd1555c5f2eb99535f80e1912e2d690
-
SSDEEP
12288:Nrkv7b/IDlV7TmC6GEh5vcDe7RrW7SZFs1evzUyxwKE4nag9y8pEgK8sY6jYir:NabSyvGEfcDe7REsFv4ylRnzM7xRYir
Malware Config
Targets
-
-
Target
39dfbdc595913049289f361352e20211_JaffaCakes118
-
Size
724KB
-
MD5
39dfbdc595913049289f361352e20211
-
SHA1
645e5d9dcf7ee54bae955229a3e4add839bad622
-
SHA256
d9dc8934801540d9f484992bf8bdd55c36a454ece6469de322546754832d4b20
-
SHA512
23792cb33d363abceff72aae812072f8e6f801338f45a16f99d49b054d6ec27539bc593b641e46415816c5012de9bf5d7bd1555c5f2eb99535f80e1912e2d690
-
SSDEEP
12288:Nrkv7b/IDlV7TmC6GEh5vcDe7RrW7SZFs1evzUyxwKE4nag9y8pEgK8sY6jYir:NabSyvGEfcDe7REsFv4ylRnzM7xRYir
Score8/10-
Event Triggered Execution: Image File Execution Options Injection
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Event Triggered Execution
2Accessibility Features
1Image File Execution Options Injection
1Privilege Escalation
Event Triggered Execution
2Accessibility Features
1Image File Execution Options Injection
1