General

  • Target

    JaffaCakes118_c646452a19bb2c9bdc5277cdf4cc942a

  • Size

    292KB

  • Sample

    250119-nfmpfswjfm

  • MD5

    c646452a19bb2c9bdc5277cdf4cc942a

  • SHA1

    8a0e9632a3e8087313debeaaf628ddedbbc05cec

  • SHA256

    2437d749412c7a7ad430cfcf51a40c057322dbfb3d688f0ebe64910ba14bb1ca

  • SHA512

    d70a8ca163e9f5746eac061ed08fea6ad2f2e81152a9a238409a40020dfd232ecba4b1754a0c8e2765e037f1fb7229a32002f2394c5f0458d4061aca87538b4e

  • SSDEEP

    768:QYKjHRuhCAiReRoD4l4lSYPa/XSBaXU6PFHImyWnYFsKw/1C0HBU/XZK6GF8ujxp:bKoCAbRo4lXYrGL

Targets

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
