General
-
Target
90e4e0325fef7dfc53c014cf4e466935_JaffaCakes118
-
Size
821KB
-
Sample
241123-1wsa4avmgr
-
MD5
90e4e0325fef7dfc53c014cf4e466935
-
SHA1
3b5a6fd182da71a33908aaa54adfc85fc2c5712e
-
SHA256
b14394efcf50f2826c41f1d4b6fa1c53496c3f9358b282521ebf4186fd57c6e8
-
SHA512
caa063cfe51e60196cb4dd1e6d0cfedcb4956e8a6ee3dcd68c721fe997dafe77b1d1753a49f60422811c03e772f695c912a22b4302f68b02321ed1cb36286c8f
-
SSDEEP
24576:aiBWRUOgjf4hivrwOj05DK+7yfF/37Za03/pbl:aiBEUOkfJkPlgFPt3bl
Malware Config
Targets
-
-
Target
90e4e0325fef7dfc53c014cf4e466935_JaffaCakes118
-
Size
821KB
-
MD5
90e4e0325fef7dfc53c014cf4e466935
-
SHA1
3b5a6fd182da71a33908aaa54adfc85fc2c5712e
-
SHA256
b14394efcf50f2826c41f1d4b6fa1c53496c3f9358b282521ebf4186fd57c6e8
-
SHA512
caa063cfe51e60196cb4dd1e6d0cfedcb4956e8a6ee3dcd68c721fe997dafe77b1d1753a49f60422811c03e772f695c912a22b4302f68b02321ed1cb36286c8f
-
SSDEEP
24576:aiBWRUOgjf4hivrwOj05DK+7yfF/37Za03/pbl:aiBEUOkfJkPlgFPt3bl
Score8/10-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1