General

  • Target

    4bc0f9c97cec5404f4c5043aa98fe477_JaffaCakes118

  • Size

    5.4MB

  • Sample

    241016-g8bpbs1fnl

  • MD5

    4bc0f9c97cec5404f4c5043aa98fe477

  • SHA1

    a78593b4653c8e7aa3a4cfeb85bc1b216c755361

  • SHA256

    e99cce59c66e23f71e9d5d20632dd5b1d5b2a2ff567674eab7fb4edbe9aad5dd

  • SHA512

    772539149c88dcb96e8a029ed6f7bd4f78e48309e488a4feddc352b6a5b8c3c9f45dbcd8270f7a9ec101e480c044d4eab9c5fd2bbcde37c98f9e8d47a8393a12

  • SSDEEP

    98304:9Bx1kYzVhFKH21n/px5gIl1brB810XcOQ7TZjKvhXCk4ZdLo7nwQyCaZc:9/5nFKShE8pV8icOqTZjKvpCfdLobrPd

Malware Config

Targets

    • Detected Nirsoft tools

      Free utilities, often used by attackers, that can recover stored passwords, product keys, etc.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile information.

    • Accesses Microsoft Outlook accounts

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks