General

  • Target

    49c08b92dab655e77b06c434e3908f88_JaffaCakes118

  • Size

    440KB

  • Sample

    241015-yssrcaycmp

  • MD5

    49c08b92dab655e77b06c434e3908f88

  • SHA1

    7e6665a9796a0cb5e8562ec938162c3f9e3310f4

  • SHA256

    1ee338560231e8d63276cb912ffd24fb7d6877ef0a09667a07307e0a8639e5d2

  • SHA512

    efc4b6056bb88388a7c27a7ae688eb0eacb0b7d20f1f3c69ec9866bf4558dee3a33ce11fccc5433ceb72aa52b1103a0d739e162e871a3446fe6a4926ea119765

  • SSDEEP

    12288:dkCSFtvlLLAcWxsKnWEllejfHdkSgSUsIJtLR:dCnLLA9Qrf2NVsEl

Malware Config

Targets

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and other sensitive profile contents.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks