General

  • Target

    4f73e81d0101de7157f5c2f005fb589d_JaffaCakes118

  • Size

    1.1MB

  • Sample

    241016-2s3hbs1cqp

  • MD5

    4f73e81d0101de7157f5c2f005fb589d

  • SHA1

    0f361bde4d40acccf35047ecb549f9215ca14465

  • SHA256

    e66f7f877023fed0b8fcf763b4c06744f087f32c378e59c143a51e932d176c3e

  • SHA512

    40383084fa3efc0603f187e9e67927b7949f29bb08504fc00dc5b77ea4998edb5da0c7f27fc848468a9459a940e2f0cca4d953e3c3515fddd06639766a95a663

  • SSDEEP

    24576:NnLB6UAKy5FQKBIxV5E+BHB5gaeuJN5qX35:NnN6UE5uO+nv4
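Added example (not code from the report or from the sandbox): a small static triage script that first confirms a local copy of the sample matches the digests listed above, then checks the PE section table for the stock UPX section names that the "UPX packed file" signature further down refers to. The PE parsing is hand-rolled on purpose so it runs with only the standard library; the `build_fake_pe` helper constructs a non-executable, PE-shaped buffer purely as sample input, and the sandbox's own UPX rule may look at more than section names.

```python
"""Static triage helpers: verify a sample against a sandbox report's hashes
and check whether its PE section table carries UPX section names.
Added example, not part of the original report or the sandbox's own code."""
import hashlib
import struct

# Digests copied from the General section of the report.
REPORTED = {
    "md5": "4f73e81d0101de7157f5c2f005fb589d",
    "sha1": "0f361bde4d40acccf35047ecb549f9215ca14465",
    "sha256": "e66f7f877023fed0b8fcf763b4c06744f087f32c378e59c143a51e932d176c3e",
    "sha512": "40383084fa3efc0603f187e9e67927b7949f29bb08504fc00dc5b77ea4998edb"
              "5da0c7f27fc848468a9459a940e2f0cca4d953e3c3515fddd06639766a95a663",
}


def hash_mismatches(data: bytes, expected: dict) -> list:
    """Return the names of the digests in `expected` that do not match `data`."""
    return [name for name, hexdigest in expected.items()
            if hashlib.new(name, data).hexdigest() != hexdigest.lower()]


def pe_section_names(data: bytes) -> list:
    """Walk the PE section table and return the section names.
    Raises ValueError if the buffer is not shaped like a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                              # IMAGE_FILE_HEADER
    num_sections, = struct.unpack_from("<H", data, coff + 2)
    opt_size, = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size                     # first IMAGE_SECTION_HEADER
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40: table + i * 40 + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """True when any section uses the stock UPX0/UPX1/UPX2 naming.
    Modified UPX builds often rename sections, so False is not proof of
    an unpacked binary; treat it as one indicator only."""
    return any(name.startswith("UPX") for name in pe_section_names(data))


def build_fake_pe(section_names) -> bytes:
    """Constructed, non-executable PE-shaped buffer used only as sample input:
    a DOS stub, a PE signature, a COFF header with no optional header, and
    one 40-byte section header per name."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew -> right after stub
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    table = b"".join(name.encode("ascii").ljust(8, b"\0") + bytes(32)
                     for name in section_names)
    return bytes(dos) + b"PE\0\0" + coff + table


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read()
    print("digest mismatches:", hash_mismatches(blob, REPORTED) or "none")
    print("UPX section names present:", looks_upx_packed(blob))
```

Run it as `python triage.py sample.bin`; a mismatch on any digest means you are not holding the file the report describes, and the section check should be read alongside the sandbox verdict rather than as a replacement for it.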

Malware Config

Targets

    • Target

      4f73e81d0101de7157f5c2f005fb589d_JaffaCakes118

    • Size

      1.1MB

    • MD5

      4f73e81d0101de7157f5c2f005fb589d

    • SHA1

      0f361bde4d40acccf35047ecb549f9215ca14465

    • SHA256

      e66f7f877023fed0b8fcf763b4c06744f087f32c378e59c143a51e932d176c3e

    • SHA512

      40383084fa3efc0603f187e9e67927b7949f29bb08504fc00dc5b77ea4998edb5da0c7f27fc848468a9459a940e2f0cca4d953e3c3515fddd06639766a95a663

    • SSDEEP

      24576:NnLB6UAKy5FQKBIxV5E+BHB5gaeuJN5qX35:NnN6UE5uO+nv4

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to access the sessions WinSCP stores on the host, which can include saved credentials.

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials, cookies and autofill entries.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified build of it.
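Added example (not the sandbox's own rules or output): the registry and file-system signatures above each correspond to a well-known artifact location, so host telemetry can be mapped back onto the same signature names. The script below runs a small rule set over constructed Procmon-style events (pid, operation, path, result); the paths in the rules are standard Windows and application locations, but the sandbox's actual rules are not published here and may cover additional keys, so treat the rule set as an illustration. Note that attempts count even when the key does not exist (NAME NOT FOUND), because the report's "Tries to access" wording describes intent, not success.

```python
"""Map registry/file access events onto the behaviour signatures used in the
report. Added example; the rules and sample events are constructed for
illustration and are not taken from the sandbox."""
import re
from collections import defaultdict

# Assumption: these are the standard artifact locations for each behaviour;
# the sandbox's own rules may differ or cover more keys.
RULES = [
    ("Checks computer location settings",
     re.compile(r"HKCU\\Control Panel\\International\\", re.I)),
    ("Reads WinSCP keys stored on the system",
     re.compile(r"HKCU\\Software\\Martin Prikryl\\WinSCP 2\\Sessions", re.I)),
    ("Checks installed software on the system",
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)),
    ("Accesses Microsoft Outlook profiles",
     re.compile(r"\\Microsoft\\Office\\\d+\.\d+\\Outlook\\Profiles\\", re.I)),
    ("Accesses Microsoft Outlook accounts",
     re.compile(r"\\Outlook\\Profiles\\.*\\9375CFF0413111d3B88A00104B2A6676", re.I)),
    ("Reads user/profile data of web browsers",
     re.compile(r"\\(Google\\Chrome|Microsoft\\Edge)\\User Data\\.*\\(Login Data|Cookies)$", re.I)),
]

# Constructed sample telemetry in a Procmon-like CSV shape: pid,operation,path,result.
SAMPLE_EVENTS = r"""
4120,RegOpenKey,HKCU\Control Panel\International\Geo,SUCCESS
4120,RegQueryValue,HKCU\Control Panel\International\Geo\Nation,SUCCESS
4120,RegEnumKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\,SUCCESS
4120,RegOpenKey,HKCU\Software\Martin Prikryl\WinSCP 2\Sessions,NAME NOT FOUND
4120,RegOpenKey,HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676,SUCCESS
4120,ReadFile,C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data,SUCCESS
4120,RegOpenKey,HKCU\Software\Microsoft\Windows\CurrentVersion\Run,SUCCESS
"""


def parse_events(text: str) -> list:
    """Split CSV-like lines into event dicts; the path field may itself contain
    no commas in this constructed format, so a 4-way split is sufficient."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, op, path, result = line.split(",", 3)
        events.append({"pid": int(pid), "op": op, "path": path, "result": result})
    return events


def match_signatures(events: list) -> dict:
    """Return {signature name: [matching paths]} for every event whose path hits
    a rule. Results such as NAME NOT FOUND are deliberately ignored: the attempt
    to read the artifact is the behaviour being detected."""
    hits = defaultdict(list)
    for ev in events:
        for name, pattern in RULES:
            if pattern.search(ev["path"]):
                hits[name].append(ev["path"])
    return dict(hits)


if __name__ == "__main__":
    for name, paths in match_signatures(parse_events(SAMPLE_EVENTS)).items():
        print(f"{name}:")
        for p in paths:
            print(f"    {p}")
```

Against the constructed events, every signature in the report except the two "dropped EXE/DLL" ones fires, while the unrelated Run key access matches nothing; the same rule table can be pointed at real Procmon or EDR exports once the path field is mapped.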

MITRE ATT&CK Enterprise v15

Tasks