General

  • Target

    JaffaCakes118_64e34ad1bd9dcff0734761d0dfe2dab1

  • Size

    858KB

  • Sample

    250115-3nkbma1nhr

  • MD5

    64e34ad1bd9dcff0734761d0dfe2dab1

  • SHA1

    7c92b3df0ecfa87fbd62d15cb1a11f71f4485060

  • SHA256

    72a679c8f76640618e4ca7b71cf49e0e31b9de43426ad3dc5f99a9bf7b2c5190

  • SHA512

    76f51986818f8b09c40762e48bbea35698a68af10a71fdb7c5c40a2e09bf1da0dc30ffd2398508eec4464fa57d99c990fe1c5d397def78fe13e36be163af879b

  • SSDEEP

    24576:HwagPnOWuTCV/UTRWfZpFe1JYyt3vZ+iKIVnpuF:ng/OWu+VMTRuZpIrvZ+qW

Malware Config

Targets

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to Credentials History.

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks