General

  • Target

    JaffaCakes118_c589abbae1a52a20840f5546f8fb44df

  • Size

    856KB

  • Sample

    250119-mt4z8atqdt

  • MD5

    c589abbae1a52a20840f5546f8fb44df

  • SHA1

    a9fd44de669616454a84b6370422974bd084c150

  • SHA256

    1b34b4e8c04b4bfebcab1771986d9b92bb39751a30efc540b8976a9fd3bb9edb

  • SHA512

    9a69f9403179da731d9ff4e7afe7e892998886acd2b321276711fbd5ed28dfd161c35de8e0895bf30d06771a2a466fff8d3d210ebb63f5bfffe0ca3e05576ade

  • SSDEEP

    24576:kvPV6YQPnWhHhY0/vXl0OhbcRmeDt+gS8u6a9ysGulVO:kPUYR6wZhmmEQf9yG8

Malware Config

Targets

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to Credentials History.

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks