General

  • Target

    8f5d322127aded9b0c394b720d91d0d3_JaffaCakes118

  • Size

    1.6MB

  • Sample

    241104-f1zwhsvclf

  • MD5

    8f5d322127aded9b0c394b720d91d0d3

  • SHA1

    4e8d8e52e745a3de063efc3875a3c6e4d0712afe

  • SHA256

    0213a9641d7bc86ff09c1a506f4a9f1470663f941e931f983556fa3fe1db15ea

  • SHA512

    fedd9dedfddd068db4df2ecd25c6357d39f7b25c08725604e2c7716b80a5f0af002bbfa9938f10bac18d01936469d08f7445bd2a5155c6a5fd7ac6523c5ac4a9

  • SSDEEP

    24576:+dKwjlw0EOy+1vTbqRFLHYrU0VVOqQF6KXNadaIVVEofxg7TYXv7ZUUt4FI:+dH60Ev+ZKFrYw0WDI/7fJXv7ZUdq

Malware Config

Targets

    • Detected NirSoft tools

      Free utilities often used by attackers to recover stored passwords, product keys and similar secrets.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key under the Active Setup of the local machine. The component's StubPath command runs at the next user logon whenever the HKLM entry is newer than the copy recorded under HKCU, or no HKCU copy exists yet.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (running only in, or avoiding, certain regions).

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and browsing history.

    • Accesses Microsoft Outlook accounts

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Suspicious use of SetThreadContext

      Rewriting another thread's context is typical of process hollowing, where a suspended process's entry point is redirected to injected code.

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.
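
The Active Setup signature above describes the persistence mechanism but not how to triage it on a host. The following is an added example written for this page (not code from the sandbox or from the sample): it applies the Active Setup rule (HKLM component with a StubPath, IsInstalled not 0, and no HKCU copy or an older HKCU Version) to find components that will fire at the next logon, then flags StubPaths that point outside system directories. The two registry snapshots and their GUIDs are constructed for the example; the live reader uses winreg and only works on Windows (on 64-bit hosts also check the Wow6432Node copy of the key).

```python
import sys
from typing import Dict, List, Tuple

ACTIVE_SETUP_SUBKEY = r"Software\Microsoft\Active Setup\Installed Components"

# Constructed snapshots of the machine-wide and per-user Active Setup keys
# (component GUID -> value map). Made up for this example; not data from the sample.
HKLM_SNAPSHOT = {
    "{00000000-0000-0000-0000-0000000000a1}": {
        "Version": "31,0,0,0",
        "StubPath": r"C:\Windows\System32\regsvr32.exe /s /n /i:U shell32.dll",
    },
    "{00000000-0000-0000-0000-0000000000b2}": {  # hypothetical dropped component
        "Version": "1,0,0,1",
        "StubPath": r"C:\Users\Public\Libraries\update.exe",
    },
    "{00000000-0000-0000-0000-0000000000c3}": {
        "Version": "2,0,0,0",
        "StubPath": r"C:\Windows\System32\unregmp2.exe /FirstLogon",
        "IsInstalled": 0,  # explicitly disabled, never runs
    },
}
HKCU_SNAPSHOT = {
    "{00000000-0000-0000-0000-0000000000a1}": {"Version": "31,0,0,0"},
    # b2 has no HKCU copy yet, so its StubPath fires at the next logon
    "{00000000-0000-0000-0000-0000000000c3}": {"Version": "1,0,0,0"},
}

TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files")


def parse_version(value) -> Tuple[int, ...]:
    """Active Setup versions are comma-separated integers ("1,0,0,1").
    A missing or malformed value compares as the lowest possible version."""
    if not isinstance(value, str):
        return (0,)
    try:
        return tuple(int(p) for p in value.split(","))
    except ValueError:
        return (0,)


def pending_components(hklm: Dict[str, dict], hkcu: Dict[str, dict]) -> List[Tuple[str, str]]:
    """(guid, StubPath) for every component that will run at the next logon:
    HKLM has a StubPath, IsInstalled is not 0, and HKCU has no copy or an older Version."""
    pending = []
    for guid, values in hklm.items():
        stub = values.get("StubPath")
        if not stub or values.get("IsInstalled", 1) == 0:
            continue
        user = hkcu.get(guid)
        if user is None or parse_version(user.get("Version")) < parse_version(values.get("Version")):
            pending.append((guid, stub))
    return pending


def suspicious_stub_paths(pending, trusted=TRUSTED_PREFIXES) -> List[Tuple[str, str]]:
    """Flag StubPaths that do not start in a system directory; a dropped
    executable under a user-writable path is the usual persistence artifact."""
    return [(g, s) for g, s in pending if not s.strip('"').lower().startswith(trusted)]


def read_active_setup(root_name: str) -> Dict[str, dict]:
    """Read the live key on Windows ("HKLM" or "HKCU"); raises elsewhere."""
    if sys.platform != "win32":
        raise RuntimeError("live registry read needs Windows; use the snapshots elsewhere")
    import winreg
    root = winreg.HKEY_LOCAL_MACHINE if root_name == "HKLM" else winreg.HKEY_CURRENT_USER
    result = {}
    with winreg.OpenKey(root, ACTIVE_SETUP_SUBKEY) as key:
        for i in range(winreg.QueryInfoKey(key)[0]):
            guid = winreg.EnumKey(key, i)
            values = {}
            with winreg.OpenKey(key, guid) as sub:
                for j in range(winreg.QueryInfoKey(sub)[1]):
                    name, data, _ = winreg.EnumValue(sub, j)
                    values[name] = data
            result[guid] = values
    return result


if __name__ == "__main__":
    if sys.platform == "win32":
        hklm, hkcu = read_active_setup("HKLM"), read_active_setup("HKCU")
    else:
        hklm, hkcu = HKLM_SNAPSHOT, HKCU_SNAPSHOT
    for guid, stub in suspicious_stub_paths(pending_components(hklm, hkcu)):
        print(f"{guid} runs at next logon: {stub}")
```

Run on the constructed snapshots, only the hypothetical b2 component is reported: a1 is already recorded under HKCU at the same version and c3 is disabled. On a live host, compare the flagged StubPath against the dropped files listed in the sandbox run.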

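The UPX signature fires on the packer's layout rather than on a single string. As an added example (written for this page, not the sandbox's detection code), the block below parses the PE section table, reports the stock UPX0/UPX1 section names, and falls back to the layout plus entropy rule (first section empty on disk, a later section close to 8 bits per byte) that still catches a modified UPX build with renamed sections. The two PE images it analyses are constructed in memory for the example; they are not the sample from this report.

```python
import random
import struct
import sys
from collections import Counter
from math import log2

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def pe_sections(data: bytes):
    """Walk the PE section table and return [(name, raw_offset, raw_size)].
    Raises ValueError for anything without valid MZ/PE signatures."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                          # IMAGE_FILE_HEADER follows "PE\0\0"
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size                 # section headers follow the optional header
    sections = []
    for i in range(num_sections):
        off = table + 40 * i
        name = data[off:off + 8].rstrip(b"\0")
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)  # SizeOfRawData, PointerToRawData
        sections.append((name, raw_ptr, raw_size))
    return sections


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte; compressed or encrypted data sits close to 8.0."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * log2(c / n) for c in Counter(buf).values())


def upx_indicators(data: bytes) -> dict:
    secs = pe_sections(data)
    names = [n.decode("latin-1") for n, _, _ in secs]
    upx_named = [n for n, _, _ in secs if n in UPX_SECTION_NAMES]
    # Stock UPX layout: UPX0 is the unpack target (zero bytes on disk) and UPX1
    # carries the compressed image, which is high-entropy.
    first_empty = bool(secs) and secs[0][2] == 0
    high_entropy = [n.decode("latin-1") for n, ptr, size in secs
                    if size and shannon_entropy(data[ptr:ptr + size]) > 7.0]
    return {
        "section_names": names,
        "upx_named_sections": len(upx_named),
        "first_section_empty_on_disk": first_empty,
        "high_entropy_sections": high_entropy,
        # names alone catch stock UPX; the layout+entropy rule catches renamed sections
        "likely_upx": len(upx_named) >= 2 or (first_empty and bool(high_entropy)),
    }


def build_test_pe(sections):
    """Constructed minimal PE32 (not a real binary): just enough header for the parser."""
    e_lfanew, file_align = 0x40, 0x200
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)        # PE32 optional-header magic
    header_end = e_lfanew + 4 + 20 + len(opt) + 40 * len(sections)
    data_start = -(-header_end // file_align) * file_align
    raw_ptr, table, blobs = data_start, bytearray(), bytearray()
    for name, payload in sections:
        hdr = bytearray(40)
        hdr[:8] = name.ljust(8, b"\0")
        # VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
        struct.pack_into("<IIII", hdr, 8, len(payload) or 0x1000, 0, len(payload), raw_ptr if payload else 0)
        table += hdr
        blobs += payload
        raw_ptr += len(payload)
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x102)
    head = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + bytes(table)
    return head.ljust(data_start, b"\0") + bytes(blobs)


# Constructed inputs: a UPX-style image and a plain one. The "compressed" blob is
# seeded pseudo-random data standing in for a compressed code section.
_rng = random.Random(2024)
COMPRESSED_BLOB = bytes(_rng.getrandbits(8) for _ in range(4096))
PACKED_SAMPLE = build_test_pe([(b"UPX0", b""), (b"UPX1", COMPRESSED_BLOB), (b".rsrc", b"\0" * 512)])
PLAIN_SAMPLE = build_test_pe([(b".text", b"\x90" * 4096), (b".data", b"\0" * 256)])

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else PACKED_SAMPLE
    print(upx_indicators(data))
```

Point it at a real file with a path argument. The 7.0 entropy threshold and the "first section empty on disk" rule are heuristics; a packed file can be trimmed so that neither holds, so treat a negative result as "not stock UPX", not as "unpacked".
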
MITRE ATT&CK Enterprise v15