General

  • Target

    8db09e06307b83a62ea8cceff6a4aff7_JaffaCakes118

  • Size

    760KB

  • Sample

    241103-1vmn8avla1

  • MD5

    8db09e06307b83a62ea8cceff6a4aff7

  • SHA1

    ebc5502cfa66701c96bac107c4211b1376360718

  • SHA256

    a8a9645a8e2dc99ea99fa711285d29e7bc66bb709ce3861653a7e562d47b6a4e

  • SHA512

    a6e4e64d5347037aadd61b65761bd3133b75ac3a8f729cfc21adf175291b161b1a8ce575d5424b480a754ebe31f276553fcd0eef2c844c7a117780025f8c32e8

  • SSDEEP

    12288:CCFaUp21XoXRUyPWQ8sXGZ0wechZUjYn5mN2yfwSbmOeFXAt3LMA6apXk5REzW5I:d9KY2YWQwRZUEn5mN2WwGe82apXk5RE7

Malware Config

Targets

    • Target

      8db09e06307b83a62ea8cceff6a4aff7_JaffaCakes118

    • Size

      760KB

    • MD5

      8db09e06307b83a62ea8cceff6a4aff7

    • SHA1

      ebc5502cfa66701c96bac107c4211b1376360718

    • SHA256

      a8a9645a8e2dc99ea99fa711285d29e7bc66bb709ce3861653a7e562d47b6a4e

    • SHA512

      a6e4e64d5347037aadd61b65761bd3133b75ac3a8f729cfc21adf175291b161b1a8ce575d5424b480a754ebe31f276553fcd0eef2c844c7a117780025f8c32e8

    • SSDEEP

      12288:CCFaUp21XoXRUyPWQ8sXGZ0wechZUjYn5mN2yfwSbmOeFXAt3LMA6apXk5REzW5I:d9KY2YWQwRZUEn5mN2WwGe82apXk5RE7

    • Detected Nirsoft tools

      Free utilities often used by attackers which can steal passwords, product keys, etc.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook accounts

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks