General

  • Target

    JaffaCakes118_791661fa93116cdaab35d2beb8880f8f3ca02a586bd433c97264f8fff305dc3a

  • Size

    1.7MB

  • Sample

    241224-2p931azmbp

  • MD5

    50acd47b8e42d1bad8591396d138b640

  • SHA1

    941437a23e445b2ee65ea0e6068d6d0156ac2821

  • SHA256

    791661fa93116cdaab35d2beb8880f8f3ca02a586bd433c97264f8fff305dc3a

  • SHA512

    c5c33044ad415e557e90b362927158affedf6691a0a83bc28ebfaee3a6bdd1c5515e8c28bf65a895b815cda961f49f29d6764c2414521d6c3cac5bfaab613f30

  • SSDEEP

    49152:X2d4gwaj5ea42JdGwgkYoqF7bfdJI0eoC9HZZfft51Mvs7h:XW4gwate4nAoqjqN55iv2h

Malware Config

Targets

    • Target

      sample

    • Size

      1.7MB

    • MD5

      e8ae1f3a412dd275335e8f0dc99a06f3

    • SHA1

      9dd718b9536101926ae8e41be15ed1fe629d3d59

    • SHA256

      6c8314cb40fe0f4bb65c307c8128332c62accce1581e1442ee7daac1d1847a85

    • SHA512

      27b409331795ae4ca8bd312306c3465f96eb79c2ef3d27cf283f74d81513fa18c79b81a648143da46eb3838d29aae02654daa76c32254ee5aceb95ca1d7e6824

    • SSDEEP

      49152:y2dYg2a/9AI4WJxMwmQYoiFPbfrJ8SMECXLzZtBtJ1Kvs3U:yWYg2aFASheoiZGJfJsvgU

    • CryptBot

      CryptBot is a C++ information stealer that is widely distributed bundled with other software.

    • CryptBot payload

    • Cryptbot family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks