General

  • Target

    8a3b5f273275d78d4d4529efdb5d424c_JaffaCakes118

  • Size

    68KB

  • Sample

    241103-h2zy1sydnn

  • MD5

    8a3b5f273275d78d4d4529efdb5d424c

  • SHA1

    c7a01c80f301131aad6c3d6fca3d1ef4ba469929

  • SHA256

    e926ef5962f7dee659e709c43784c71b78bd8f292c13864ce8b00b38341be215

  • SHA512

    d2552d542eb67595380dc2f767379afa7f9dd3f63b36fe809ff9d193853dddbce62810829a2a5212d015c7537346c195ddc82e154c1730f2fb086f07e260575d

  • SSDEEP

    1536:GJcJOCu+xfrwp/ySv3p9GyqNapcaM0Ikp7TlKgDgcbqt0ufu0GgdKdGP4VWJ+Avx:GqgCu+xfrwp/ySPpMyqNapcaM0Ikp7TK

Targets

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext
