General

  • Target

    43f20b04d2fbdec319c718d2833aca91_JaffaCakes118

  • Size

    936KB

  • Sample

    241014-yrsd7axenj

  • MD5

    43f20b04d2fbdec319c718d2833aca91

  • SHA1

    47aa871e76545fd21969994eb70170b0923ee66d

  • SHA256

    ba02518923d08573048f1654bcf36cdae3487c3e0c5da0ca23b487ca3bad50d8

  • SHA512

    9dcdf7115b81e8647fa5e5a0af84d25d09646b43b6671b6fc3221601a52c6193dd8656278c04acfeb888e20ece219868d939d4541168dd5caffbae76ae51dc39

  • SSDEEP

    12288:VeETBY2cJBm7vi/mFkw1gMV1/O4lhr5sIj4L6HbEZDdEuQ6m6J7/P4+PdRi:7Y2r7AmFkYTVdOMhr5sIdoEpq7PFPvi

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely to geofence execution (refuse to run in certain countries).

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser profile data, which can include saved credentials and other account information.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from files that store them unprotected (MITRE ATT&CK T1552.001).

    • Uses the VBS compiler for execution

      Spawns vbc.exe, the Visual Basic .NET command-line compiler shipped with the .NET Framework, which is a signed Microsoft binary and a common living-off-the-land host for compiling or running attacker code.
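The signatures above are behavioural: each one fires when the sandbox sees a particular file, registry or process event. The following Python is an added example, not tooling from the sandbox that produced this page, showing how those signatures can be expressed as rules over a trace and replayed against a constructed event log. The event schema and the concrete paths each rule matches (FileZilla's sitemanager.xml, a Chromium "Login Data" file, the Control Panel\International\Geo key, Telegram's tdata directory, vbc.exe) are this example's assumptions about what the listed signatures mean, not values taken from the report; the "dropped" rules only fire for a path that an earlier write in the same trace created.

```python
"""Behavioural triage rules for the signatures listed in this report.

Added example, not the sandbox's own rules. Event dicts use an invented
sandbox-trace schema (type, pid, ppid, image, path, key); the paths and
registry keys below are assumptions about what each signature looks for.
"""
import re
from typing import Iterable

# Constructed sample trace; every value is made up for illustration.
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 100, "ppid": 1,
     "image": r"C:\Users\u\Desktop\sample.exe"},
    {"type": "registry_read", "pid": 100,
     "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "file_write", "pid": 100,
     "path": r"C:\Users\u\AppData\Local\Temp\stage2.exe"},
    {"type": "file_write", "pid": 100,
     "path": r"C:\Users\u\AppData\Local\Temp\helper.dll"},
    {"type": "process_create", "pid": 200, "ppid": 100,
     "image": r"C:\Users\u\AppData\Local\Temp\stage2.exe"},
    {"type": "image_load", "pid": 200,
     "path": r"C:\Users\u\AppData\Local\Temp\helper.dll"},
    {"type": "file_read", "pid": 200,
     "path": r"C:\Users\u\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"type": "file_read", "pid": 200,
     "path": r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "file_read", "pid": 200,
     "path": r"C:\Users\u\AppData\Roaming\Telegram Desktop\tdata\key_datas"},
    {"type": "process_create", "pid": 300, "ppid": 200,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"},
]

# Assumed indicator patterns, matched case-insensitively on Windows paths.
FTP_CLIENT_FILES = re.compile(
    r"\\FileZilla\\(sitemanager|recentservers|filezilla)\.xml$", re.I)
BROWSER_FILES = re.compile(
    r"\\User Data\\.*\\(Login Data|Web Data|Cookies)$", re.I)
MESSENGER_FILES = re.compile(
    r"\\(Telegram Desktop\\tdata|discord\\Local Storage)\\", re.I)
GEO_KEYS = re.compile(r"\\Control Panel\\International\\Geo\\", re.I)
VBS_COMPILER = re.compile(r"\\vbc\.exe$", re.I)


def evaluate(events: Iterable[dict]) -> dict:
    """Return {signature name: [matching events]} for signatures that fired.

    A path counts as "dropped" only after a file_write for it has been seen,
    so executing or loading a pre-existing binary does not trigger the
    dropped-EXE / dropped-DLL signatures.
    """
    hits = {
        "Checks computer location settings": [],
        "Executes dropped EXE": [],
        "Loads dropped DLL": [],
        "Reads data files stored by FTP clients": [],
        "Reads local data of messenger clients": [],
        "Reads user/profile data of web browsers": [],
        "Uses the VBS compiler for execution": [],
    }
    dropped = set()
    for ev in events:
        kind = ev["type"]
        if kind == "file_write":
            dropped.add(ev["path"].lower())
        elif kind == "registry_read" and GEO_KEYS.search(ev["key"]):
            hits["Checks computer location settings"].append(ev)
        elif kind == "process_create":
            if ev["image"].lower() in dropped:
                hits["Executes dropped EXE"].append(ev)
            if VBS_COMPILER.search(ev["image"]):
                hits["Uses the VBS compiler for execution"].append(ev)
        elif kind == "image_load" and ev["path"].lower() in dropped:
            hits["Loads dropped DLL"].append(ev)
        elif kind == "file_read":
            path = ev["path"]
            if FTP_CLIENT_FILES.search(path):
                hits["Reads data files stored by FTP clients"].append(ev)
            if BROWSER_FILES.search(path):
                hits["Reads user/profile data of web browsers"].append(ev)
            if MESSENGER_FILES.search(path):
                hits["Reads local data of messenger clients"].append(ev)
    return {name: evs for name, evs in hits.items() if evs}


def fired(events: Iterable[dict]) -> list:
    """Sorted names of the signatures that fired on the trace."""
    return sorted(evaluate(events))


if __name__ == "__main__":
    for name, evs in evaluate(SAMPLE_EVENTS).items():
        print(f"{name}: {len(evs)} event(s), first pid {evs[0]['pid']}")
```

The three file-read rules together are what the ATT&CK mapping "Unsecured Credentials: Credentials In Files" summarises; keeping them separate preserves which application's data was touched, which is what an analyst needs when deciding which credentials to rotate.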

MITRE ATT&CK Enterprise v15