General

  • Target

    4926c13f48ba7d0f681975ebd499b63a_JaffaCakes118

  • Size

    225KB

  • Sample

    241015-v8625axflc

  • MD5

    4926c13f48ba7d0f681975ebd499b63a

  • SHA1

    a191787e60ae025f90f23c202dc0eaf34733525d

  • SHA256

    77b7d2d16caeebb2aaf9b1aa7c2cf61f6c8ce9984824207358fddb98c2e28aa1

  • SHA512

    e8af1aa9740c82214c8fb3948fff499fe10080be52682a0f43746fe6327be76c8954d9bb23f326410fbb06a40ea503988218fcdb0d36ae3947b116d9c0be2369

  • SSDEEP

    6144:xLOZ3jRcopoSMjcjRcMM6wGjRcopoSMj:xLijcSMojDtjcSM

Malware Config

Targets

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to Credentials History.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks