General
-
Target
420446c4c0abc470bf506a4f9b113a9b_JaffaCakes118
-
Size
56KB
-
Sample
241013-zp7lrssdln
-
MD5
420446c4c0abc470bf506a4f9b113a9b
-
SHA1
0eaaee91af46d35e4d5d321cc1f7d8d46179f628
-
SHA256
7670596b5a411a67a81b1c601e44adcfac5778af96dfdec8d8d91eb7b7c1c843
-
SHA512
b6e902928d5289117734311f79c8473e4a93cefd9c14b3b2124e675fb59829668db0abd3d71ce9b2962df42f54bc0235b82ad6e09b62075437928d18ef544fe3
-
SSDEEP
1536:wXGk2wqVBz40Bz44ltTR4FTdfNNpNt3N+Fmt:I2wqVBk0BkUtT+VdVfd+4t
Malware Config
Extracted
Protocol: smtp- Host:
smtp.poczta.onet.pl - Port:
587 - Username:
[email protected] - Password:
1204mx
Targets
-
-
Target
420446c4c0abc470bf506a4f9b113a9b_JaffaCakes118
-
Size
56KB
-
MD5
420446c4c0abc470bf506a4f9b113a9b
-
SHA1
0eaaee91af46d35e4d5d321cc1f7d8d46179f628
-
SHA256
7670596b5a411a67a81b1c601e44adcfac5778af96dfdec8d8d91eb7b7c1c843
-
SHA512
b6e902928d5289117734311f79c8473e4a93cefd9c14b3b2124e675fb59829668db0abd3d71ce9b2962df42f54bc0235b82ad6e09b62075437928d18ef544fe3
-
SSDEEP
1536:wXGk2wqVBz40Bz44ltTR4FTdfNNpNt3N+Fmt:I2wqVBk0BkUtT+VdVfd+4t
Score10/10-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1