General
- Target: df5c5f0768e8d2f554467b930afda09c_JaffaCakes118
- Size: 930KB
- Sample: 241211-bwf6dsyqaw
- MD5: df5c5f0768e8d2f554467b930afda09c
- SHA1: 6b00445635ef04d12b0bb8992c8cc1ae384383f4
- SHA256: 86040ddf448fb04e7efec05ad0e07bb2ff3d75d65520a4aedc32120cb018e2ce
- SHA512: f23c63f52dd7728526c7c461335ea355d0746947a53ce7c6bf6226a7f78c530158851e3d269ba658404a8f4e52cebe8feb7ca441526ef73f752a9e5717ba7a27
- SSDEEP: 24576:7W5d/Zo0AI0kkHBIYRj4wUrFGtwl9Cs5ySq:716aJj4drFGw9bs5
Static task: static1
Behavioral task: behavioral1
- Sample: df5c5f0768e8d2f554467b930afda09c_JaffaCakes118.exe
- Resource: win7-20240903-en
Malware Config
Extracted configuration (family: socelars), URLs:
- http://www.iyiqian.com/
- http://www.xxhufdc.top/
- http://www.uefhkice.xyz/
- http://www.fcektsy.top/
Targets
- Target: df5c5f0768e8d2f554467b930afda09c_JaffaCakes118
- Socelars family
- Socelars payload
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops Chrome extension
- Legitimate hosting services abused for malware hosting/C2
- Looks up geolocation information via web service: uses a legitimate geolocation service to find the infected system's geolocation info.
MITRE ATT&CK Enterprise v15
- Credential Access
  - Credentials from Password Stores (1)
    - Credentials from Web Browsers (1)
  - Unsecured Credentials (1)
    - Credentials In Files (1)