General

  • Target

    JaffaCakes118_1c5f5296e6ece876a9011d24d96a66d4

  • Size

    255KB

  • Sample

    250704-t5nkyawshv

  • MD5

    1c5f5296e6ece876a9011d24d96a66d4

  • SHA1

    4988b6dca5b9683c4b4f479580c81c1b7939c9fb

  • SHA256

    e513ac4557531d7ae207b6e650a795d678c63c7bd6f3df8eb49e8f55764e2d67

  • SHA512

    208bb532dc66472924c8b732fda9011183c175a5543ea1d2d0f7cbb9e4f9c6c0ed8874978f878835e05be0b4732da18ecfe7d68b0f211bdc5eb5a098776f22ec

  • SSDEEP

    6144:h1OgDPdkBAFZWjadD4s5vybtVxDsI7Z1xIgPFr:h1OgLdaOqzFUYr

Malware Config

Targets

    • Target

      JaffaCakes118_1c5f5296e6ece876a9011d24d96a66d4

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops Chrome extension

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v16

Tasks