General

  • Target

    8ddd0c04cbe52f0d4438adfe40f70136_JaffaCakes118

  • Size

    81KB

  • Sample

    241103-2pzl9syrdm

  • MD5

    8ddd0c04cbe52f0d4438adfe40f70136

  • SHA1

    c43760bfef203cadabfe81d7e1d5530fe5703817

  • SHA256

    99085fc2c2d2c821c6d099946eeb2d689219324b3c5cf7e79676875e65132066

  • SHA512

    cd9803b0c5c865586674fc4028ce90a5fe21a33b8fb2481151c0de5b3d58894cb068eb42d3a6228d8196fddd9f2d2f8b7e3ad9f33908fda0c0235eb0664f74b6

  • SSDEEP

    768:bkpLA8BtBV0QJcW5wqInmNSfyvwx+BKXCJW+trdvsWCJn66kvORIF4+ZN:KkQJcqwmIfj+ECJG/kvOaF48

Targets

    • Target

      8ddd0c04cbe52f0d4438adfe40f70136_JaffaCakes118

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Accesses Microsoft Outlook accounts

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Network Service Discovery

      Attempts to gather information about the host's network.

    • Network Share Discovery

      Attempts to gather information about shares on the host's network.

    • Password Policy Discovery

      Attempts to access detailed information about the password policy used within an enterprise network.

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15