General

  • Target

    65f751b8d3cba3e76bb917f11836339e_JaffaCakes118

  • Size

    401KB

  • Sample

    241021-h7dmzavbqa

  • MD5

    65f751b8d3cba3e76bb917f11836339e

  • SHA1

    4c5312db3fc74296c841bd7ce59d06b61523e7c9

  • SHA256

    97305fb9b1b94843d935d9b06673cc6280a6256fe3fd3138a251092ffee48aa2

  • SHA512

    d11d449acfd472217d699591243d347a3f764168d93e9fcd928e8846e64f6d2aa9b889d44fddce22aa5a5ca7b32566e3f06b4701ed521bfe387f22b9864d6b71

  • SSDEEP

    6144:8GlfAC7bh5/oH8WqqCJQCZqhBeb7pr4NhUs:8GfAC7FpUQqCuCUDMqUs

Malware Config

Targets

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks