General

  • Target

    838ef1fb38da83e9671a6b8803feffa4_JaffaCakes118

  • Size

    1.0MB

  • Sample

    241031-wcm5tasalh

  • MD5

    838ef1fb38da83e9671a6b8803feffa4

  • SHA1

    8d5e0f8dff04a4ea3245b980a8232b571e572fcc

  • SHA256

    9ec1994214e4beca6c49340f19bd4546ac4d4a26dd932595048b733f3755e6c5

  • SHA512

    91496b4caf53f22786939d5a4c971e95c9e28a3e74c08166ebbb6915d6291b162ec211c789bf3faf657bac9b1f97527106d74b59aae75fa04c9b3e1c2ac4c136

  • SSDEEP

    12288:2DVlxntazf9MrJcZB/S3HzNJmclAfT0RgXZDF5layOMZU4kJ514QCAP/9U8oHFwj:syHP/kHQtHjC2HGSS

Malware Config

Targets

    • UAC bypass

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other account information.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks