General

  • Target

    4a11900b9aa45745255a007bf279cb50_JaffaCakes118

  • Size

    510KB

  • Sample

    241015-z8bcnsxfqh

  • MD5

    4a11900b9aa45745255a007bf279cb50

  • SHA1

    a15147b400a93a55be087c7e23b921d65e5a1656

  • SHA256

    01b614be847e7685953d5e998908d01e4e3ff163ec7176b8786c4fe0a8b53f59

  • SHA512

    ea54be7c388398604da520757cd89bfeaddcf92e43e4648b455cd487b1e7e48a71413f2e1da065cfb45cedb5366896c088f4911a38cb803560cda8d86cee93f7

  • SSDEEP

    12288:T4i+In3UrGCwjiKE1fo6o06fjnUFd6bLYBrXIA:TYIn3g3R26woFd6bsBrXb

Malware Config

Targets

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other profile information.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks