General

  • Target

    4aeeb1d8f23828e5c2cd587abc052a81_JaffaCakes118

  • Size

    850KB

  • Sample

    241016-cezrva1fll

  • MD5

    4aeeb1d8f23828e5c2cd587abc052a81

  • SHA1

    23c3ef082ac782bdb3c6d210ff08fe90ad20560a

  • SHA256

    2522cbd68d9cdc8e8979353e708aba9b2e7fe6a5c06e97419d6c8806ea78b654

  • SHA512

    47f733577a694c81c57197abe1123e91a981cc96cb76f481a77434b4bd7a2054ba2f69630237cbeef3a1a8be7f5e007a6775f2d4b41966049c74895d7b23c0e8

  • SSDEEP

    24576:8osOsHIV5ctEcQVDC3sPrLcEf6Z+c3fT7:8oL5ctEcuV/J43

Targets

    • Target

      4aeeb1d8f23828e5c2cd587abc052a81_JaffaCakes118

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to Credentials History.

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

MITRE ATT&CK Enterprise v15