General

  • Target

    49bd4583de6eb452db870787b2a8eef9_JaffaCakes118

  • Size

    582KB

  • Sample

    241015-yqvsxsybmp

  • MD5

    49bd4583de6eb452db870787b2a8eef9

  • SHA1

    36db4c5166253afa15a9cf2934041993bb8e7f2f

  • SHA256

    bf1ea457997ef64c05644db8528d7cfaaa727cabf8d01f1d7d49191f747af382

  • SHA512

    570cb45f2b142d5ca95ead39ca9e665fda599532a9d91977ec1c568ef12141a465bcfb5b4110458d60138f9db9199eebb3ac97cf0482063560be1b59be732a86

  • SSDEEP

    12288:PN66eLQ+KCyG9+AGEjs8xpBl4wax3mzaTMxO/P1BnmDHq9n:lHGucYAJz9G3m0zmDHsn

Malware Config

Targets

    • Target

      49bd4583de6eb452db870787b2a8eef9_JaffaCakes118

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

MITRE ATT&CK Enterprise v15

Tasks