General
-
Target
3e748666ff9c044dc534f67a4d7e9d75_JaffaCakes118
-
Size
56KB
-
Sample
241013-hvkwhsydmp
-
MD5
3e748666ff9c044dc534f67a4d7e9d75
-
SHA1
169848f8ca409b0becc4b2d75fa2a3d62b527f73
-
SHA256
a3e2a70537f2f390007edf5ec84bd501d48ca2c17c882e5d2c62ffb12f07140b
-
SHA512
6d2839e4df0d005a826d5ba753d0b8a5dcb6b952f41fc401a56efe440b885b74be3604a8ed602281dc46fd71e5588af5a16efd010eb8a01b1ef63b810527ca07
-
SSDEEP
768:bGjyiR7nPy+FTfD2T3PqT38E3cFJd/fo3ol3oMzgPx6uyR2jBYIscUh:bGWiRLpdDiObc/foKYyYSRJtcu
Malware Config
Extracted
Protocol: smtp- Host:
smtp.gmail.com - Port:
587 - Username:
[email protected] - Password:
paperne123
Targets
-
-
Target
3e748666ff9c044dc534f67a4d7e9d75_JaffaCakes118
-
Size
56KB
-
MD5
3e748666ff9c044dc534f67a4d7e9d75
-
SHA1
169848f8ca409b0becc4b2d75fa2a3d62b527f73
-
SHA256
a3e2a70537f2f390007edf5ec84bd501d48ca2c17c882e5d2c62ffb12f07140b
-
SHA512
6d2839e4df0d005a826d5ba753d0b8a5dcb6b952f41fc401a56efe440b885b74be3604a8ed602281dc46fd71e5588af5a16efd010eb8a01b1ef63b810527ca07
-
SSDEEP
768:bGjyiR7nPy+FTfD2T3PqT38E3cFJd/fo3ol3oMzgPx6uyR2jBYIscUh:bGWiRLpdDiObc/foKYyYSRJtcu
Score10/10-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1