General

  • Target

    90c5970f56673b5d52cf32f11096c130_JaffaCakes118

  • Size

    1.2MB

  • Sample

    241123-1d62jaxngy

  • MD5

    90c5970f56673b5d52cf32f11096c130

  • SHA1

    b28a516be658cfaf6846a7b2f2107c24a7583547

  • SHA256

    41c90ad0616b16fc303bd6603b286ac5e0a85e4daaeecf65e40608ab2592c807

  • SHA512

    e69796574fdefd075acfef86588f0964b5b0b750218d7477ce714ed5494e7e02b01b9c8cab3bfdc6521ca15a630a2831e0cdd8449112abfc5577bdf5d9c91b3d

  • SSDEEP

    24576:xbiugqOlMjQmxYIGWLREnemIMBdxdUrs/KUTZ4stkLNcsRgluoGhNj3:xbLgmjs8LRE9VdvUrC1TZXyvXD

Targets

    • Target

      90c5970f56673b5d52cf32f11096c130_JaffaCakes118

    • Panda Stealer payload

    • PandaStealer

      Panda Stealer is a fork of CollectorProject Stealer written in C++.

    • Pandastealer family

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check to avoid running in certain regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser profile data, which can include saved credentials, cookies and other session material.

    • Checks installed software on the system

      Enumerates entries under the registry Uninstall key to list the software installed on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that Internet Explorer loads as plugins; registering one is a well-known persistence mechanism.

    • Drops file in System32 directory
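The following hunting script is an added example, not part of the sandbox report or of the sample itself. It enumerates Browser Helper Object registrations on a live Windows host (the behaviour flagged above), resolves each CLSID to its backing DLL, and reports the DLL's SHA256 and Authenticode status. The only indicator taken from the report is the sample's SHA256; the hashes of the dropped DLLs are not in the report, so the script also flags any BHO DLL that is unsigned or lives outside System32 / Program Files. Registry paths, the trusted-directory regex and the output columns are this example's own choices.

```powershell
# Added example (not from the report): hunt for suspicious Browser Helper Object registrations.
# Assumes Windows PowerShell 5.1 or later; run elevated so HKLM and signature checks are complete.

$KnownBad = @{
    # SHA256 of the analysed sample, taken from the report. Dropped-DLL hashes are not in the report,
    # so this table is deliberately small and the heuristics below do most of the work.
    '41c90ad0616b16fc303bd6603b286ac5e0a85e4daaeecf65e40608ab2592c807' = '90c5970f56673b5d52cf32f11096c130_JaffaCakes118'
}

# Where BHOs are registered (64-bit, 32-bit-on-64 and per-user views).
$BhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

function Resolve-BhoDll {
    param([string]$Clsid, [bool]$Wow64)
    # A BHO is a COM in-process server: its DLL path is the default value of CLSID\{guid}\InprocServer32.
    $classKeys = if ($Wow64) {
        @("HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID\$Clsid\InprocServer32")
    } else {
        @("HKLM:\SOFTWARE\Classes\CLSID\$Clsid\InprocServer32",
          "HKCU:\SOFTWARE\Classes\CLSID\$Clsid\InprocServer32")
    }
    foreach ($k in $classKeys) {
        if (Test-Path $k) {
            $raw = (Get-ItemProperty -Path $k).'(default)'
            if ($raw) { return [Environment]::ExpandEnvironmentVariables($raw.Trim('"')) }
        }
    }
    return $null
}

$results = foreach ($root in $BhoRoots) {
    if (-not (Test-Path $root)) { continue }
    $wow64 = $root -like '*WOW6432Node*'
    foreach ($key in Get-ChildItem -Path $root) {
        $clsid  = $key.PSChildName
        $dll    = Resolve-BhoDll -Clsid $clsid -Wow64 $wow64
        $hash   = $null
        $signer = 'n/a'
        $status = 'DLL missing'
        if ($dll -and (Test-Path $dll)) {
            $hash   = (Get-FileHash -Path $dll -Algorithm SHA256).Hash.ToLower()
            $sig    = Get-AuthenticodeSignature -FilePath $dll
            $status = [string]$sig.Status
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { 'unsigned' }
        }
        # Heuristic trusted locations for a legitimate BHO (example's own choice, tune for your estate).
        $inTrustedDir = [bool]($dll -and ($dll -match '^[A-Za-z]:\\(Windows\\(System32|SysWOW64)|Program Files( \(x86\))?)\\'))
        $suspicious = ($hash -and $KnownBad.ContainsKey($hash)) -or ($status -ne 'Valid') -or (-not $inTrustedDir)
        [pscustomobject]@{
            Hive       = $root.Split(':')[0]
            CLSID      = $clsid
            Dll        = $dll
            SHA256     = $hash
            Signature  = $status
            Signer     = $signer
            KnownBad   = [bool]($hash -and $KnownBad.ContainsKey($hash))
            Suspicious = [bool]$suspicious
        }
    }
}

$results | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

A hit on `KnownBad` is a direct match against the report; a `Suspicious` row with `Signature` other than `Valid` or a DLL outside the trusted directories is a lead to triage, not proof of infection, since some legitimate vendors still ship unsigned or oddly placed BHOs.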
