General

  • Target

    4a44d802b5b052d0c51d4df24d946dc0_JaffaCakes118

  • Size

    104KB

  • Sample

    241015-18c2yazerg

  • MD5

    4a44d802b5b052d0c51d4df24d946dc0

  • SHA1

    f150611ab67e11d3e353047b90786e162565ae44

  • SHA256

    facc0b56aa6db2f46504d4e9adefb7cc7269721599f8c148d70e792f3ccaa87a

  • SHA512

    d2ce3ef7b6e63e599be882c47d82921cba90a45362acf81fac659b1ba925b2f9fcf7f7d97374048015351a1fba0bbd1d2dd30f6ff31e7132497f52d45d81156b

  • SSDEEP

    1536:DXNmiSrmrZwh35ulS7ZKg9q8eVfvGXuY1iao7Ac6Vs:DNmiSCrHynMm1mAc

Malware Config

Targets

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks