General
Target: 65ee316a2bf447f5b8d9b9202741aaf0_JaffaCakes118
Size: 977KB
Sample: 241021-hydavathja
MD5: 65ee316a2bf447f5b8d9b9202741aaf0
SHA1: d231b371e6a7def22b68a3eea9bbce65c6df807c
SHA256: b3c8a5ac1a6ec0090d47b5c92b153505ae7dc45541b826dc26104321b4b1acb5
SHA512: 14eebe6875c48d4662d3a3f3a30ecd7278952fef265a1291fab83b462b5ad04b8e438a8c7722cdeeec711256cf089756719af2178c4efd9eb090aa5c3a3d11fb
SSDEEP: 24576:htzNGaLv/OMyROGRNSQ/SEdgfp9tmHywc+qrn:PzgGvGPOG3PgLtmSL+m
Static task: static1
Behavioral task: behavioral1
  Sample: 65ee316a2bf447f5b8d9b9202741aaf0_JaffaCakes118.exe
  Resource: win7-20241010-en
Behavioral task: behavioral2
  Sample: 65ee316a2bf447f5b8d9b9202741aaf0_JaffaCakes118.exe
  Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 65ee316a2bf447f5b8d9b9202741aaf0_JaffaCakes118
Score: 10/10
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
MITRE ATT&CK Enterprise v15
Privilege Escalation: Boot or Logon Autostart Execution (1); Registry Run Keys / Startup Folder (1)
Credential Access: Credentials from Password Stores (1); Credentials from Web Browsers (1); Unsecured Credentials (2); Credentials In Files (2)