General

  • Target

    843d9e903fe501b7e875674d97a03ebc_JaffaCakes118

  • Size

    128KB

  • Sample

    241101-hvwb9awqas

  • MD5

    843d9e903fe501b7e875674d97a03ebc

  • SHA1

    25a20abc2b8ea8d66f85de8fb6c28935c3cc05b0

  • SHA256

    9eb3c4be7581e69b6c1bde93f3794daa1f98055a858a8d7623fbd362970c2476

  • SHA512

    8fc24b3e548111f5957577360d005d6b4de28124f980e07509d0e24349593f55c692bd62bdc2aa72c23bdfdfcd307f08dacb009b8d4f754869003cbe0fdb471a

  • SSDEEP

    3072:gJjG8T8mMkfpb8GmZSak5GJ/HYJokfpb8GmZSa:gM0r3f+GmZXk5I/4Jjf+GmZX

Malware Config

Targets

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to Credentials History.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks