General

  • Target

    487a29823232889ff4fb2dafef8f2743_JaffaCakes118

  • Size

    656KB

  • Sample

    241015-sey4ba1bmc

  • MD5

    487a29823232889ff4fb2dafef8f2743

  • SHA1

    e5c68b291c8bb612234b55b1361ce5691f5596c1

  • SHA256

    72eddf29c973b57c8a495ca1fd040eba3e7dbaba7952252e16557c61d28f293a

  • SHA512

    b24bba5f5a53156ef6323afa11bbf29dcc8601f265ca72c5e008086a344025b295aa6de9a8afd8df39290045570ff192180ef732bcd1b7227822fac2091359ca

  • SSDEEP

    12288:ry1ZnmW40vNgjV/xucmZCe/ZDyWpnnhPLSzrVhez/8AJ1:rLxuNpxeghPLQrjeZ1

Malware Config

Targets

    • Target

      487a29823232889ff4fb2dafef8f2743_JaffaCakes118

    • Size

      656KB

    • MD5

      487a29823232889ff4fb2dafef8f2743

    • SHA1

      e5c68b291c8bb612234b55b1361ce5691f5596c1

    • SHA256

      72eddf29c973b57c8a495ca1fd040eba3e7dbaba7952252e16557c61d28f293a

    • SHA512

      b24bba5f5a53156ef6323afa11bbf29dcc8601f265ca72c5e008086a344025b295aa6de9a8afd8df39290045570ff192180ef732bcd1b7227822fac2091359ca

    • SSDEEP

      12288:ry1ZnmW40vNgjV/xucmZCe/ZDyWpnnhPLSzrVhez/8AJ1:rLxuNpxeghPLQrjeZ1

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v15

Tasks