General

  • Target

    4b68ec95a5f08bade0e6dc41fe92e1ba_JaffaCakes118

  • Size

    364KB

  • Sample

    241016-e53mjasgjd

  • MD5

    4b68ec95a5f08bade0e6dc41fe92e1ba

  • SHA1

    5b37ef5af06d0eba8392b2729f775b20b44bc86d

  • SHA256

    a4720e4dcf5f199d255e2e701f3837438a467cb577cac15fea57213a21243941

  • SHA512

    31c85408d5a45cb0ead39ceed88a505c76d2b9f45ded1ba580990b262d3d8af4f6822515812b3baa690e46f5b2b8112bb591ced9fbe7b9379b720e11cc90c103

  • SSDEEP

    6144:xgGBZ3jdm/S7xaoxWDc/DSi9WQ8R996jDhoxCRaIq3PXJ5s15sSdq:/jdm/Gar4/DtW1RDuhoxCRQ3P7Y5

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

MITRE ATT&CK Enterprise v15
