General

  • Target

    8cb57142203a2d17bb348130b885cc6f_JaffaCakes118

  • Size

    4.1MB

  • Sample

    241103-v9sacs1ajk

  • MD5

    8cb57142203a2d17bb348130b885cc6f

  • SHA1

    f4fe17ad63678b50ce948d680d8913162cb670e7

  • SHA256

    b99d0087d7ff6ae26b979c55e8fc6aadd71e4e97747f6e64c2f5febd5e82eeb1

  • SHA512

    e98a4fa163941c8713123f1a4b17688d5becb63efeeee7caf817b5cf6b86eef7f4fc70a2e61b55ab1ee3c32431c71f4693ef4bb3c0eea4a852a4b0ebfb44f960

  • SSDEEP

    3072:w+1wNDJm6C8AAdVxOjkHyKVffg7S2WxKRskGbpOfEqbU:/yNtm/ACkHyI2WxMsJbpOfEqQ

Targets

    • Detected Nirsoft tools

      Free utilities, often used by attackers, that can steal passwords, product keys, etc.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook accounts

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
