General

  • Target

    442fa9f81a455d5155238d626bba2f15_JaffaCakes118

  • Size

    347KB

  • Sample

    241014-zw7v4szhkj

  • MD5

    442fa9f81a455d5155238d626bba2f15

  • SHA1

    387849b83c32abb0a85db203658f9f32a606ecb8

  • SHA256

    2234a22e9066712e2e5f22bfee80e8132b7afa20369b5e45f9215fe77adfb701

  • SHA512

    57ff11e3f45f0ccbfa36973c39775ad9bf6775a17891255f381ca59e81fadafac074c8411792f1f747fabe50ee24239be7b2d8cf75c3b6904730326e13cce36e

  • SSDEEP

    6144:1fJwSXL8idRXj73BuVtESqNI1hDQ93iRqJnDxxR6xaUXuaqDT/EwgGSUS62Gm1zP:dRXL827Lm1hg+AD4xf+aqDT/EwgGSUSb

Malware Config

Targets

    • Target

      442fa9f81a455d5155238d626bba2f15_JaffaCakes118

    • Size

      347KB

    • MD5

      442fa9f81a455d5155238d626bba2f15

    • SHA1

      387849b83c32abb0a85db203658f9f32a606ecb8

    • SHA256

      2234a22e9066712e2e5f22bfee80e8132b7afa20369b5e45f9215fe77adfb701

    • SHA512

      57ff11e3f45f0ccbfa36973c39775ad9bf6775a17891255f381ca59e81fadafac074c8411792f1f747fabe50ee24239be7b2d8cf75c3b6904730326e13cce36e

    • SSDEEP

      6144:1fJwSXL8idRXj73BuVtESqNI1hDQ93iRqJnDxxR6xaUXuaqDT/EwgGSUS62Gm1zP:dRXL827Lm1hg+AD4xf+aqDT/EwgGSUSb

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks