General
-
Target
5704464828fa987135dbef5a3e0c51c5_JaffaCakes118
-
Size
255KB
-
Sample
241018-mwf16ssfng
-
MD5
5704464828fa987135dbef5a3e0c51c5
-
SHA1
d47286247cd48919257910ab9f0635ebbc9279e4
-
SHA256
da45506d980b1c8ca7b66bfc255a824be51d83803f509f49ea1506222168953c
-
SHA512
3043313a8d32a6ac18c2e98ab78710141b74229f9f7c26498cb4be34b23dc0ff83066190e38fe3484d8192f10293f8f0256f936a791ec9cf1e866e2f5d8eeecb
-
SSDEEP
6144:h1OgDPdkBAFZWjadD4s5ealE9JWHSdheYAxLmrZdI:h1OgLdaOXloteYAMdI
Malware Config
Targets
-
-
Target
5704464828fa987135dbef5a3e0c51c5_JaffaCakes118
-
Size
255KB
-
MD5
5704464828fa987135dbef5a3e0c51c5
-
SHA1
d47286247cd48919257910ab9f0635ebbc9279e4
-
SHA256
da45506d980b1c8ca7b66bfc255a824be51d83803f509f49ea1506222168953c
-
SHA512
3043313a8d32a6ac18c2e98ab78710141b74229f9f7c26498cb4be34b23dc0ff83066190e38fe3484d8192f10293f8f0256f936a791ec9cf1e866e2f5d8eeecb
-
SSDEEP
6144:h1OgDPdkBAFZWjadD4s5ealE9JWHSdheYAxLmrZdI:h1OgLdaOXloteYAMdI
Score7/10-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops Chrome extension
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-