General

  • Target

    486fd221c26593abec3ae0a67cdf897b_JaffaCakes118

  • Size

    861KB

  • Sample

    241015-r9j27svcjn

  • MD5

    486fd221c26593abec3ae0a67cdf897b

  • SHA1

    d062d9182f7ab02a2572a8afc9b3c8b729b29bba

  • SHA256

    737baceb7a8c10d9ed7bea95348a23c148eae725d056e26dc567973e1d69fb91

  • SHA512

    5f25745200700f9e6a433a1b82ec20f6386c37f16a1619a510d0840d337d77605b8f85e021b3c120d112ee0b1b291ca00e974c62de454e3985fb9f387251dd75

  • SSDEEP

    24576:FoR2NKhYSFC37BoK3pRsIFQ4KWBpqR17wGyQJp:OR/U2kDsIFu0ci

Malware Config

Targets

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to Credentials History.

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar data.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks