General

  • Target

    65f59dec5067d0d98cf7478420bbd2bf_JaffaCakes118

  • Size

    250KB

  • Sample

    241021-h58ekavblf

  • MD5

    65f59dec5067d0d98cf7478420bbd2bf

  • SHA1

    bb14298dcdf5e659920a9f4ec09a6070481e6198

  • SHA256

    d3f95ecd0d30956724a05cdbba0414497bd297aaca368aaad4ea6918d9fe85c7

  • SHA512

    d0888754153c67b77d597d23d9cd3c2aa48531191c23c1fadd9b87565b93aee71c350b3ef419977a15517b86e2bae4b094187874c3fbffe2ba1b8804528fc8d5

  • SSDEEP

    6144:h1OgDPdkBAFZWjadD4s5Ar7QKXtjFj4lv+SttCMwS:h1OgLdaOAwKjj4z3d

Targets

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with the ACProtect packer.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops Chrome extension

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • UPX packed file

      Detects executables packed with the UPX open source packer or a modified UPX variant.