General

  • Target

    49ead46b04d9bdf2050500dfad0d40d6_JaffaCakes118

  • Size

    460KB

  • Sample

    241015-zjg4xswdlb

  • MD5

    49ead46b04d9bdf2050500dfad0d40d6

  • SHA1

    6e0ed62f106e05dbb2f0e35ecb94bb6479db84a3

  • SHA256

    acdd870b59bc8a3d464199fe6f72138dfb57f98bd60b0f5e6295d643025cbaee

  • SHA512

    78d0f3d2b6d7b30c5d089329b990432bd3a77817392db5c1954ca69c730ec7f2384f0f8c038c75882cf1f04b9321ee20139987d9da5977ab87b6bb86eb7bbbb5

  • SSDEEP

    12288:J0m3blK36QhuIOyFHxlAaO8ye3/9DlkR7G:d3blO6NWTlAaO8y0aRi

Malware Config

Targets

    • Target

      49ead46b04d9bdf2050500dfad0d40d6_JaffaCakes118

    • Size

      460KB

    • MD5

      49ead46b04d9bdf2050500dfad0d40d6

    • SHA1

      6e0ed62f106e05dbb2f0e35ecb94bb6479db84a3

    • SHA256

      acdd870b59bc8a3d464199fe6f72138dfb57f98bd60b0f5e6295d643025cbaee

    • SHA512

      78d0f3d2b6d7b30c5d089329b990432bd3a77817392db5c1954ca69c730ec7f2384f0f8c038c75882cf1f04b9321ee20139987d9da5977ab87b6bb86eb7bbbb5

    • SSDEEP

      12288:J0m3blK36QhuIOyFHxlAaO8ye3/9DlkR7G:d3blO6NWTlAaO8y0aRi

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

MITRE ATT&CK Enterprise v15

Tasks