General

  • Target

    44ee3154f12827d1273221bb3b62fa69_JaffaCakes118

  • Size

    3.2MB

  • Sample

    241015-asxhjayamq

  • MD5

    44ee3154f12827d1273221bb3b62fa69

  • SHA1

    9c25d06cea35b2395808cb7f47517ac53aebd68f

  • SHA256

    5952aad5fe80e49a2bf5657aef45442e565f073a3d71eee7777d81ab34cb2214

  • SHA512

    9e1de83ce38353f4aae3c6dfd5cd1fa0a959b8691243d2bf791ef63bb397576af224025984db07d3901b852388c82e2a1e70e7ead7e7166dcacb2a5c5101e359

  • SSDEEP

    49152:t84/Z7nq6dHRK7mGnJ6m+ODJZQ4HtJzHDu0i0mSN/UjoUXx+ppxXGG4nmAv:tpQER0skDE8tJzHDuImSNmMWJl

Malware Config

Targets

    • Detects Echelon Stealer payload

    • Echelon

      Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • VMProtect packed file

      Detects executables packed with the VMProtect commercial packer.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks