General

  • Target

    884bd50b738afa22f4c1835a475109d5_JaffaCakes118

  • Size

    372KB

  • Sample

    241102-22r3ysxhqg

  • MD5

    884bd50b738afa22f4c1835a475109d5

  • SHA1

    cf605fce6fb52527a408e6041312543d79a9ccf9

  • SHA256

    ea1030d051ca52f28349414c9427280caac09dd6aa8e47a73d377a7905f49a29

  • SHA512

    5c594fb3bf6ee8fbbfe12cbb2a69ec5a0c5b37e2ef23fcfbcbb81a9ea702dbd66afbf16f1144186e0703a19bfd6deb0409ceebd435d0ea41f3ba659cf4014ebc

  • SSDEEP

    6144:FIokpJLoDgS4UnFT/uHCKrxQluj9zsOqSJV+63LsnMDQDhkhLsAkO16B0uk+0Szm:F+pJLoMbUnFTQCKkLSJT3AMDQDhkhLso

Score
9/10

Malware Config

Targets

    • Target

      FLASH_~2.EXE

    • Size

      676KB

    • MD5

      91aa1cdcda9d5fd08f2266e6be65642c

    • SHA1

      aaa306441b78c9e9a59b59933f0b4f3359f30d40

    • SHA256

      ed563ed6382b79ff1196153bc7c51be7e64612b69172ac2d4605fdfd3a0f1241

    • SHA512

      d26641fa9f81f1d0b1f6e2521dc46c078656a0763e18d5ada38515accefaee75e0333853bd082981b2ca8f3429d12042b264cc7b0ad62b6b28baf456d7a774a0

    • SSDEEP

      12288:VjyfHS3Y0L/6LSJL3oMDQXh8XLsJOBukp:NyfHS2SN328Xgyr

    Score
    9/10
    • Detected Nirsoft tools

      Free utilities, often used by attackers, that can steal passwords, product keys, etc.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • Accesses Microsoft Outlook accounts

    • Suspicious use of SetThreadContext

    • Target

      FLASH_~3.EXE

    • Size

      456KB

    • MD5

      e4c86934e59605703236a2961b3d350f

    • SHA1

      ad9bc4d12ec0e4c4a980f80d57e418e58afdda7f

    • SHA256

      d2d6f4fea51a4b68506df40f6f1d3b88892460a5e6e3d523aa09a8254332ff6c

    • SHA512

      37feee4aa8e7cb5577949455758c3a4ae55bfb9f511448135067b99861af176bd8217dd8cb86dae1195d26cb59b136028ba6221960279cda4d2e49941f9dd054

    • SSDEEP

      3072:v3u33F4wcra4aUHqy50tS6XW2az/WsVJNmfrXl9b0S571WF3dCYGVwSLcimlajb:Lw2ajyiWz7KXsS55VrLcimlaf

    Score
    5/10
    • Suspicious use of SetThreadContext
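
The report above lists MD5/SHA1/SHA256 digests for the parent sample and the two embedded executables (FLASH_~2.EXE and FLASH_~3.EXE). The script below is an added example, not part of the sandbox report, that turns those digests into a lookup index and checks files against it in a single pass per file. The digest values are copied from the report; the sample bytes and the directory path are constructed placeholders, and the labels are just the file names the report uses.

```python
# Added example: match files against the hash IOCs from the sandbox report.
# Digest values are copied from the report above; the sample input in the
# __main__ block is constructed and is not malware.
import hashlib
import os
import sys

# Indicators copied from the report, keyed by the file name the report gives.
IOCS = {
    "884bd50b738afa22f4c1835a475109d5_JaffaCakes118": {
        "md5": "884bd50b738afa22f4c1835a475109d5",
        "sha1": "cf605fce6fb52527a408e6041312543d79a9ccf9",
        "sha256": "ea1030d051ca52f28349414c9427280caac09dd6aa8e47a73d377a7905f49a29",
    },
    "FLASH_~2.EXE": {
        "md5": "91aa1cdcda9d5fd08f2266e6be65642c",
        "sha1": "aaa306441b78c9e9a59b59933f0b4f3359f30d40",
        "sha256": "ed563ed6382b79ff1196153bc7c51be7e64612b69172ac2d4605fdfd3a0f1241",
    },
    "FLASH_~3.EXE": {
        "md5": "e4c86934e59605703236a2961b3d350f",
        "sha1": "ad9bc4d12ec0e4c4a980f80d57e418e58afdda7f",
        "sha256": "d2d6f4fea51a4b68506df40f6f1d3b88892460a5e6e3d523aa09a8254332ff6c",
    },
}

ALGOS = ("md5", "sha1", "sha256")


def build_index(iocs):
    """Invert {label: {algo: hex}} into {(algo, hex): label} for O(1) lookup.
    Digests are lower-cased so mixed-case feeds still match."""
    index = {}
    for label, digests in iocs.items():
        for algo, hexdigest in digests.items():
            index[(algo, hexdigest.lower())] = label
    return index


def digest_stream(fileobj, chunk_size=1 << 20):
    """Compute MD5, SHA1 and SHA256 in one pass over a binary stream."""
    hashers = {algo: hashlib.new(algo) for algo in ALGOS}
    for chunk in iter(lambda: fileobj.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def digest_bytes(data):
    """Convenience wrapper for in-memory data (e.g. a carved PE section)."""
    import io
    return digest_stream(io.BytesIO(data))


def match_digests(digests, index):
    """Return the set of (algo, label) pairs whose digest is in the index."""
    return {(algo, index[(algo, d)]) for algo, d in digests.items() if (algo, d) in index}


def scan_directory(root, index):
    """Walk a directory tree and report every file that hits the index.
    Unreadable files are skipped rather than aborting the scan."""
    results = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as f:
                    hits = match_digests(digest_stream(f), index)
            except OSError:
                continue
            if hits:
                results[path] = hits
    return results


if __name__ == "__main__":
    # Constructed, benign sample bytes: must not match any report IOC.
    sample = b"MZ\x90\x00constructed-benign-sample"
    print("constructed sample hits:", match_digests(digest_bytes(sample), build_index(IOCS)))
    # Path is an assumed placeholder; pass a real directory as argv[1].
    root = sys.argv[1] if len(sys.argv) > 1 else "./quarantine"
    for path, hits in scan_directory(root, build_index(IOCS)).items():
        print(path, sorted(hits))
```

A hit on any one algorithm is enough to flag a file; checking all three guards against a feed that only carries one digest type. The SSDEEP values in the report are fuzzy hashes and need a separate fuzzy-hashing library to compare, which this example does not cover.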

MITRE ATT&CK Enterprise v15

Tasks