General

  • Target

    49c8a036eae3c0e9e599a53d98113cb2_JaffaCakes118

  • Size

    521KB

  • Sample

    241015-yxsxxayenj

  • MD5

    49c8a036eae3c0e9e599a53d98113cb2

  • SHA1

    f6d872357b267e988a9ad33a196bd04eef42deb7

  • SHA256

    e4e34486b6399b398c6262e7ff84a80620f3bd812682f3414ec91c362df7b957

  • SHA512

    07fed586edcf61215daf6d9d6e52bb7e906fbaf8998e3b6e251a0d6097b5fa32107cf3cfa98e235ec535cd3646b532fcf72275f7ede92244f0a9ce8473d7a7df

  • SSDEEP

    6144:N25mswOyIZjyMrmhc2TawqaOt2da2k78qh90GiTwXw35lk9jgvy89:N2wRIZgFOJDz9fA35lk9N

Malware Config

Targets

    • UAC bypass

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive account information.

    • Unsecured Credentials: Credentials In Files

      Steals credentials stored in unsecured files.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks