General

  • Target

    JaffaCakes118_d1313b6995251ee993f4b8842c7f87f0

  • Size

    3.0MB

  • Sample

    250119-yeqd3atken

  • MD5

    d1313b6995251ee993f4b8842c7f87f0

  • SHA1

    badaf444b6d9d43086bf1f09e2f65f7d11a29f1d

  • SHA256

    4e4f8a682c09dfac817bec8f1a4ee7905a64c8a441141dde701729b6e42f4752

  • SHA512

    4b774884b4c3f7ecc33ea179514fc0ec8f25b3af935cc0236098fdd5ec58af587d6428280b3f9838cfb08c9efe32d6f1c47f1e4e7aff672c49f6de35f7b60eb3

  • SSDEEP

    98304:rIZVEg7EYapEX87T4HOVUBvRdqzjbstaP:rIZVEsEYapEX87T4HOVUB5dqzjbx

Malware Config

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

MITRE ATT&CK Enterprise v15

Tasks