General

  • Target

    JaffaCakes118_1c2e062ae6ea4663df4a59d5da372390

  • Size

    255KB

  • Sample

    250704-pqzx7shp61

  • MD5

    1c2e062ae6ea4663df4a59d5da372390

  • SHA1

    225ca3be1878d24173fc7ac7b96c33a1157a3d88

  • SHA256

    a78eb41d49b8c3949578e238ff18a4207e80f0a4f08b37c02a977dbf64b806c0

  • SHA512

    19bb35f66dd84c7fa77812411de15105a4235e094788c8468798d74a732c99068244d737f6fcf1beb220e4e7ff697027a7254eda8ef7a23d73d9e43582b31522

  • SSDEEP

    6144:h1OgDPdkBAFZWjadD4s5+6MyAvEpLJjViik+i:h1OgLdaO+3yAcdJjFY

Targets

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with the ACProtect packer (1.3x to 1.4x), a commercial protector that wraps and obfuscates the original code.

    • Executes dropped EXE

      Runs an executable that the sample itself wrote to disk during the analysis.

    • Loads dropped DLL

      Loads a DLL that the sample itself wrote to disk during the analysis.

    • Reads user/profile data of web browsers

      Reads files from browser profile directories. Infostealers commonly target this data, which can include saved credentials, cookies and browsing history.

    • Checks installed software on the system

      Enumerates subkeys of the registry Uninstall key (HKLM and HKCU ...\Software\Microsoft\Windows\CurrentVersion\Uninstall, including the Wow6432Node view) to list installed software, a common way to fingerprint the host.

    • Drops Chrome extension

      Writes files into a Chrome user-data Extensions directory, side-loading an extension into the victim's browser profile.

    • Installs/modifies Browser Helper Object

      BHOs are DLLs that Internet Explorer loads into every browser process as plug-ins. They are registered by CLSID under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects, which gives the module access to page content and a persistence foothold.

    • UPX packed file

      Detects executables packed with UPX, or with a modified build of the open-source UPX packer.
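
The behavioural signatures above are rules evaluated against the API trace the sandbox records while the sample runs. The following Python is an added example, not the sandbox's own rule code and not derived from the sample: it re-implements four of the report's signatures (Uninstall-key enumeration, BHO registration, Chrome extension drop, browser profile-data reads) over a constructed trace. The "<api> <target>" trace format, the victim paths, the CLSID and the extension id are assumptions made for illustration, and the mapping of API names to read/write operations is a simplification of what a real trace (with access masks) would allow.

```python
"""Added example: minimal re-implementation of four behavioural signatures from the
report, run over a constructed API trace. Not the sandbox's own rule code."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed trace in an assumed "<api> <target>" format. Real sandbox traces also
# carry PIDs, access masks and return codes; they are omitted here. The CLSID and the
# 32-letter (a-p) Chrome extension id are placeholders, not real identifiers.
SAMPLE_TRACE = r"""
RegOpenKeyExW HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
RegEnumKeyExW HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
RegOpenKeyExW HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall
RegCreateKeyExW HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}
RegSetValueExW HKCR\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32\(Default)
NtCreateFile C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcdefghijklmnopabcdefghijklmnop\1.0_0\manifest.json
NtReadFile C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data
NtReadFile C:\Users\victim\AppData\Roaming\Mozilla\Firefox\Profiles\x1y2z3.default\logins.json
NtCreateFile C:\Users\victim\AppData\Local\Temp\readme.txt
"""

# Simplified API -> operation-class mapping (assumption of this example; a real
# trace would use the requested access mask to tell reads from writes).
REG_READ = frozenset({"RegOpenKeyExA", "RegOpenKeyExW", "RegEnumKeyExW", "RegQueryValueExW"})
REG_WRITE = frozenset({"RegCreateKeyExW", "RegSetValueExW"})
FILE_WRITE = frozenset({"NtCreateFile", "NtWriteFile"})
FILE_READ = frozenset({"NtOpenFile", "NtReadFile"})

# Patterns are applied to the upper-cased, hive-normalised target path.
UNINSTALL = r"^HK(LM|CU)\\SOFTWARE\\(WOW6432NODE\\)?MICROSOFT\\WINDOWS\\CURRENTVERSION\\UNINSTALL(\\|$)"
BHO = (r"^HKLM\\SOFTWARE\\(WOW6432NODE\\)?MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER"
       r"\\BROWSER HELPER OBJECTS\\\{[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}\}")
CHROME_EXT = r"\\GOOGLE\\CHROME\\USER DATA\\[^\\]+\\EXTENSIONS\\[A-P]{32}\\"
BROWSER_DATA = (r"(\\GOOGLE\\CHROME\\USER DATA\\[^\\]+\\(NETWORK\\)?(LOGIN DATA|COOKIES|WEB DATA|HISTORY)"
                r"|\\MOZILLA\\FIREFOX\\PROFILES\\[^\\]+\\(LOGINS\.JSON|KEY4\.DB|COOKIES\.SQLITE|PLACES\.SQLITE))$")


@dataclass(frozen=True)
class Rule:
    name: str                 # signature name exactly as it appears in the report
    apis: frozenset[str]      # operation class that counts for this rule
    pattern: re.Pattern[str]  # matched against the normalised target


RULES = (
    Rule("Checks installed software on the system", REG_READ, re.compile(UNINSTALL)),
    Rule("Installs/modifies Browser Helper Object", REG_WRITE, re.compile(BHO)),
    Rule("Drops Chrome extension", FILE_WRITE, re.compile(CHROME_EXT)),
    Rule("Reads user/profile data of web browsers", FILE_READ, re.compile(BROWSER_DATA)),
)


def normalise(target: str) -> str:
    """Upper-case the path and canonicalise long hive names so one pattern covers both spellings."""
    t = target.strip().upper()
    for long, short in (("HKEY_LOCAL_MACHINE", "HKLM"), ("HKEY_CURRENT_USER", "HKCU"),
                        ("HKEY_CLASSES_ROOT", "HKCR")):
        t = t.replace(long, short)
    return t


def evaluate(trace: str) -> dict[str, list[str]]:
    """Return {signature name: [trace lines that triggered it]} for every rule that fired."""
    hits: dict[str, list[str]] = {}
    for line in trace.splitlines():
        line = line.strip()
        if not line:
            continue
        api, _, target = line.partition(" ")  # target may itself contain spaces
        norm = normalise(target)
        for rule in RULES:
            if api in rule.apis and rule.pattern.search(norm):
                hits.setdefault(rule.name, []).append(line)
    return hits


if __name__ == "__main__":
    for name, lines in evaluate(SAMPLE_TRACE).items():
        print(f"[+] {name}")
        for entry in lines:
            print(f"      {entry}")
```

Note that the plain CLSID registration under HKCR (the InprocServer32 write) fires nothing on its own: every COM server is registered that way, and the rule keys on the Browser Helper Objects list, which is the part that makes Internet Explorer load the DLL. The unrelated write to Temp\readme.txt is likewise ignored.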
