General

  • Target

    4b30c3325df30a74100f04858201b798_JaffaCakes118

  • Size

    64KB

  • Sample

    241016-dt389azekg

  • MD5

    4b30c3325df30a74100f04858201b798

  • SHA1

    914ccffe745556ddb6ef95494b34a144cc5bb6c0

  • SHA256

    1ef02d760a0e201648fb359efca312fe6e99dcfc2497ebba3ac7dc5d2917b604

  • SHA512

    21a74a6de34ae6ffd3f0f52c4d12ef937764f21af2d05eb506d9d01ade1faf20d568f25bba8444133578e4ba834c320e54357a18510098f463f8980b2d682bb6

  • SSDEEP

    1536:i4ZEvFen/nOK7Ie9tTJknIFRvXr/4mnzhCzQ:i4Z8FkOKkejlTvDlzAzQ

Malware Config

Targets

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to Credentials History.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks