General

  • Target

    6512ee54cb87daf804d1d337785c947e_JaffaCakes118

  • Size

    1.5MB

  • Sample

    241021-bvtp4atcmj

  • MD5

    6512ee54cb87daf804d1d337785c947e

  • SHA1

    6e29351ed23c4b14d731a36c789e08cea5f8eb5e

  • SHA256

    fe2a40f78f2acb54fb1675bbe256de830d9c78ff813818d7335b98ce8b2bb3e6

  • SHA512

    a7725fee1f1a90fe6b0571cf293b028f4128ac5baf62f64cc3b6ba20d7c412437918096c86b005411bb922b42f020c393980965f0ec7c16b000a8e0773da96b7

  • SSDEEP

    24576:+DWHSb4Nc0yPFtkTb67tzzM9DvVIJV1rliDpL9Dh7qd2P69EuKA+R:t846kKzzKVIJ5+pLTpP699Kn

Malware Config

Targets

    • Target

      6512ee54cb87daf804d1d337785c947e_JaffaCakes118

    • Size

      1.5MB

    • MD5

      6512ee54cb87daf804d1d337785c947e

    • SHA1

      6e29351ed23c4b14d731a36c789e08cea5f8eb5e

    • SHA256

      fe2a40f78f2acb54fb1675bbe256de830d9c78ff813818d7335b98ce8b2bb3e6

    • SHA512

      a7725fee1f1a90fe6b0571cf293b028f4128ac5baf62f64cc3b6ba20d7c412437918096c86b005411bb922b42f020c393980965f0ec7c16b000a8e0773da96b7

    • SSDEEP

      24576:+DWHSb4Nc0yPFtkTb67tzzM9DvVIJV1rliDpL9Dh7qd2P69EuKA+R:t846kKzzKVIJ5+pLTpP699Kn

    • Detects Echelon Stealer payload

    • Echelon

      Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks