General

  • Target

    8c9588fc840287eceba9843b060d2fa6_JaffaCakes118

  • Size

    292KB

  • Sample

    241103-vpv6hsyhre

  • MD5

    8c9588fc840287eceba9843b060d2fa6

  • SHA1

    7c85d272c9ff7232564775f22ac159d09ec4803e

  • SHA256

    b90acc871419af0cbd6e5e809e9aa36ee0e804597fc069f0f8572120faf20462

  • SHA512

    ba196820b64936adb0fc46ce417695d9e0fcbdd4e7cac8708583938a84dc2edfd29b498ab6829829959f670736e2d28a5ff16d7a76cfa9bbeb7d0409ffaa4ba9

  • SSDEEP

    6144:Vc6F7DOB46I0OdVdjldMnLY2/5bxos14IYE:VJF7DO5LOb3d12hbxoE4DE

Targets

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext