General

  • Target

    d6a1ab2daea41e90484caec2a4d67afc_JaffaCakes118

  • Size

    8.7MB

  • Sample

    241208-msc54swlcl

  • MD5

    d6a1ab2daea41e90484caec2a4d67afc

  • SHA1

    4b802190601bcf4a16bac79b2d92b8bd05a5470b

  • SHA256

    630bcd397047e705dcef03a42ffeff2646dd00c41a91615f0de48354131c78fe

  • SHA512

    4288d3babc19661cc4e4b1e3b2521c8db72b5e02480190d1e172f09c7b0c9c4ca0eddb42ee61e0bb7c1eade7fe8a0c6949e92570f6662ea23a8558ec7571ea9d

  • SSDEEP

    196608:WQR0skDgPH8TKHnp125eUDJMlLCUu+2763PoyR:WQR7pcT3AUFMhCUu+2oPoM

Malware Config

Targets

    • Target

      d6a1ab2daea41e90484caec2a4d67afc_JaffaCakes118

    • Size

      8.7MB

    • MD5

      d6a1ab2daea41e90484caec2a4d67afc

    • SHA1

      4b802190601bcf4a16bac79b2d92b8bd05a5470b

    • SHA256

      630bcd397047e705dcef03a42ffeff2646dd00c41a91615f0de48354131c78fe

    • SHA512

      4288d3babc19661cc4e4b1e3b2521c8db72b5e02480190d1e172f09c7b0c9c4ca0eddb42ee61e0bb7c1eade7fe8a0c6949e92570f6662ea23a8558ec7571ea9d

    • SSDEEP

      196608:WQR0skDgPH8TKHnp125eUDJMlLCUu+2763PoyR:WQR7pcT3AUFMhCUu+2oPoM

    • Detects Echelon Stealer payload

    • Echelon

      Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.

    • Echelon family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks