General

  • Target

    49d1fd020c8f136f933673d630e18d4b_JaffaCakes118

  • Size

    900KB

  • Sample

    241015-y34atsvdpb

  • MD5

    49d1fd020c8f136f933673d630e18d4b

  • SHA1

    b4dcb8d4a0e5822894187a5ac1825cda7489bb13

  • SHA256

    8fc6b1edf12b69ec825bd1e8eb04235fc2aadca0dc13a7c29783555bb2651383

  • SHA512

    58896bc70173a4ad995db5c8c2cc38d69f7c4c09fc237d1fe68f26ad36728f8e44512d36fbfdc1c3157f04c66b9499dd6e3d9451687688d6263a5075e44cc9ca

  • SSDEEP

    24576:Vnx62v7sR55S7C9cSGfOKfUk7FsaXHSqb:VDDsH5HaDL5nXF

Malware Config

Targets

    • Target

      49d1fd020c8f136f933673d630e18d4b_JaffaCakes118

    • Size

      900KB

    • MD5

      49d1fd020c8f136f933673d630e18d4b

    • SHA1

      b4dcb8d4a0e5822894187a5ac1825cda7489bb13

    • SHA256

      8fc6b1edf12b69ec825bd1e8eb04235fc2aadca0dc13a7c29783555bb2651383

    • SHA512

      58896bc70173a4ad995db5c8c2cc38d69f7c4c09fc237d1fe68f26ad36728f8e44512d36fbfdc1c3157f04c66b9499dd6e3d9451687688d6263a5075e44cc9ca

    • SSDEEP

      24576:Vnx62v7sR55S7C9cSGfOKfUk7FsaXHSqb:VDDsH5HaDL5nXF

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions. By default WinSCP keeps saved sessions, including any saved passwords (obfuscated, not encrypted), under HKCU\Software\Martin Prikryl\WinSCP 2\Sessions, so a read of that key by an unrelated process is a credential-theft indicator.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files (ATT&CK T1552.001).

    • Adds Run key to start application

      Persistence: writes a value under ...\Software\Microsoft\Windows\CurrentVersion\Run (HKCU or HKLM) so the program is launched at every logon. Check the written value's data for the dropped path.

    • Checks for any installed AV software in registry

      Discovery: opens security-vendor keys under HKLM\SOFTWARE to learn which products are installed before acting.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Anti-debugging: NtSetInformationThread with the ThreadHideFromDebugger class (0x11) stops the thread from delivering debug events, so an attached debugger loses visibility of it.

    • Suspicious use of SetThreadContext

      Rewrites another thread's register state. This is how process hollowing redirects the entry point of a process created suspended, and how thread hijacking works; check which process and thread the call targets.
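
The five behaviours above are the API-level evidence a sandbox turns into signatures. As an added example (editor's code, not the report's and not Triage's signature engine), the Python below applies one rule per behaviour to an API-call trace and returns the signature hits with an ATT&CK mapping. The trace format (pid|api|arg=value;...), the SAMPLE_TRACE lines, the AV vendor key list and the technique IDs are assumptions for illustration, not data captured from this sample.

```python
"""Rule-based triage of an API-call trace against the behaviours this report
lists.  Added example written for this page; it is not Triage's signature
engine and does not reproduce its logic.  Assumed (not from the report): the
trace format 'pid|api|k=v;k=v', the constructed SAMPLE_TRACE, the AV vendor
key list, and the ATT&CK technique IDs attached to each signature."""
import re
from dataclasses import dataclass

THREAD_HIDE_FROM_DEBUGGER = 0x11   # THREADINFOCLASS: thread stops reporting to a debugger
CREATE_SUSPENDED = 0x00000004      # CreateProcess dwCreationFlags bit

# WinSCP's default registry storage for saved sessions (under HKCU\Software).
WINSCP_SESSIONS = r"martin prikryl\winscp 2\sessions"
RUN_KEY_RE = re.compile(r"\\currentversion\\run(once)?$")
# Illustrative AV vendor keys under HKLM\SOFTWARE (assumption, not the sandbox's list).
AV_VENDOR_KEYS = ("software\\kasperskylab", "software\\avast software",
                  "software\\eset", "software\\mcafee", "software\\symantec")
REG_READ_APIS = ("RegOpenKeyEx", "RegQueryValueEx", "RegEnumKeyEx")


@dataclass(frozen=True)
class Finding:
    signature: str   # name as it appears in the report's Targets section
    attack: str      # ATT&CK technique (editor's mapping, see module docstring)
    pid: int
    evidence: str    # the trace line that triggered the rule


def parse(line):
    """'2112|RegOpenKeyExW|key=HKCU\\...;access=0x20019' -> (pid, api, {arg: value})."""
    pid, api, argstr = line.strip().split("|", 2)
    args = {}
    for kv in argstr.split(";"):
        if "=" in kv:
            k, v = kv.split("=", 1)
            args[k.strip()] = v.strip()
    return int(pid), api, args


def classify(api, args, created_suspended):
    """Return [(signature, technique)] for one call.  Stateless except for the
    hollowing flag that scan() derives from earlier calls of the same pid."""
    hits = []
    key = args.get("key", "").lower()
    if api.startswith(REG_READ_APIS):
        if WINSCP_SESSIONS in key:
            hits.append(("Reads WinSCP keys stored on the system", "T1552.001"))
        if any(v in key for v in AV_VENDOR_KEYS):
            hits.append(("Checks for any installed AV software in registry", "T1518.001"))
    if api.startswith("RegSetValueEx") and RUN_KEY_RE.search(key):
        hits.append(("Adds Run key to start application", "T1547.001"))
    if api == "NtSetInformationThread":
        cls = int(args.get("ThreadInformationClass", "0"), 0)   # accepts 0x11 or 17
        if cls == THREAD_HIDE_FROM_DEBUGGER:
            hits.append(("Suspicious use of NtSetInformationThreadHideFromDebugger", "T1622"))
    if "SetThreadContext" in api:   # also matches Wow64SetThreadContext
        # Rewriting a thread context after spawning a suspended process is the
        # process-hollowing pattern; otherwise just flag the call as injection.
        hits.append(("Suspicious use of SetThreadContext",
                     "T1055.012" if created_suspended else "T1055"))
    return hits


def scan(trace_lines):
    """Run every rule over the trace; returns the Findings in trace order."""
    findings = []
    suspended_creators = set()   # pids that called CreateProcess with CREATE_SUSPENDED
    for line in trace_lines:
        if not line.strip() or line.startswith("#"):
            continue
        pid, api, args = parse(line)
        if api.startswith("CreateProcess") and int(args.get("flags", "0"), 0) & CREATE_SUSPENDED:
            suspended_creators.add(pid)
        for sig, tid in classify(api, args, pid in suspended_creators):
            findings.append(Finding(sig, tid, pid, line.strip()))
    return findings


def summarize(findings):
    """Signature -> number of supporting API calls."""
    counts = {}
    for f in findings:
        counts[f.signature] = counts.get(f.signature, 0) + 1
    return counts


# Constructed trace for illustration; not output captured from this sample.
SAMPLE_TRACE = """\
# pid|api|arg=value;arg=value
2112|RegOpenKeyExW|key=HKCU\\Software\\Martin Prikryl\\WinSCP 2\\Sessions;access=0x20019
2112|RegEnumKeyExW|key=HKCU\\Software\\Martin Prikryl\\WinSCP 2\\Sessions;index=0
2112|RegQueryValueExW|key=HKCU\\Software\\Martin Prikryl\\WinSCP 2\\Sessions\\srv01;value=Password
2112|RegOpenKeyExW|key=HKLM\\SOFTWARE\\KasperskyLab;access=0x20019
2112|RegOpenKeyExW|key=HKLM\\SOFTWARE\\Avast Software;access=0x20019
2112|RegSetValueExW|key=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run;value=Updater;data=C:\\Users\\user\\AppData\\Roaming\\svc.exe
2112|NtSetInformationThread|ThreadHandle=0xfffffffe;ThreadInformationClass=0x11;Length=0
2112|CreateProcessW|app=C:\\Windows\\System32\\svchost.exe;flags=0x4
2112|SetThreadContext|hThread=0x1f8
2112|RegOpenKeyExW|key=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer;access=0x20019
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_TRACE.splitlines()):
        print(f"{f.attack:<9} {f.signature}: {f.evidence}")
```

The last trace line shows the point of the rules: an ordinary registry read of the Explorer key produces nothing, while the same API against the WinSCP session store or a vendor key does. The hollowing flag is per pid, so a SetThreadContext from a process that never created a suspended child is still flagged, only under the generic T1055.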

MITRE ATT&CK Enterprise v15

Tasks