General

  • Target

    49de8a96462f2ff37acdafa40895a8f1_JaffaCakes118

  • Size

    795KB

  • Sample

    241015-zbnxhazcqq

  • MD5

    49de8a96462f2ff37acdafa40895a8f1

  • SHA1

    7ffba2fe6c539bae84332106ab4d7c4a78826a09

  • SHA256

    27751bb51090ddd1428a953e75a5058311511f86e253889fee1ea2ff2a4a6eb0

  • SHA512

    858b85f566b33f24ad81b83b8c141746bc1783da41c628e529f13c3d2c4ea025a5483adf8d92b8db2637f39762113c2e572cbadf9b572584aeeaaf7375173120

  • SSDEEP

    24576:fVePZu1yMkQX9gi8BU6FfrcHKe9I6IJ7m2:NePohkQXOU6FDcqe91U7V

Malware Config

Targets

    • Target

      49de8a96462f2ff37acdafa40895a8f1_JaffaCakes118

    • Size

      795KB

    • MD5

      49de8a96462f2ff37acdafa40895a8f1

    • SHA1

      7ffba2fe6c539bae84332106ab4d7c4a78826a09

    • SHA256

      27751bb51090ddd1428a953e75a5058311511f86e253889fee1ea2ff2a4a6eb0

    • SHA512

      858b85f566b33f24ad81b83b8c141746bc1783da41c628e529f13c3d2c4ea025a5483adf8d92b8db2637f39762113c2e572cbadf9b572584aeeaaf7375173120

    • SSDEEP

      24576:fVePZu1yMkQX9gi8BU6FfrcHKe9I6IJ7m2:NePohkQXOU6FDcqe91U7V

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to Credentials History.

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks