General

  • Target

    JaffaCakes118_1c63c7d443d7cad59d023f45d562f8bd

  • Size

    255KB

  • Sample

    250704-ve3gvawrs3

  • MD5

    1c63c7d443d7cad59d023f45d562f8bd

  • SHA1

    45b1e894351dae44d6b69f91a5de23d934c56bd5

  • SHA256

    9836c942a0c527cbf9a4aa9fe88862654a04c0930037ff6b79fbf68cd63a7454

  • SHA512

    68d24be8b3af18de7811967165d731a256fb51e1c9736b4a8d4c641f0ee5e2263895e7bc0c0515c89388b4a7a8a2bac49ba82eb8f1db326fbe115563acac73a7

  • SSDEEP

    6144:h1OgDPdkBAFZWjadD4s5ptQuCxYFa1u/YUJG42xCIEC6y3:h1OgLdaOUuCaFaQ/l2cjC7

Malware Config

Targets

    • Target

      JaffaCakes118_1c63c7d443d7cad59d023f45d562f8bd

    • Size

      255KB

    • MD5

      1c63c7d443d7cad59d023f45d562f8bd

    • SHA1

      45b1e894351dae44d6b69f91a5de23d934c56bd5

    • SHA256

      9836c942a0c527cbf9a4aa9fe88862654a04c0930037ff6b79fbf68cd63a7454

    • SHA512

      68d24be8b3af18de7811967165d731a256fb51e1c9736b4a8d4c641f0ee5e2263895e7bc0c0515c89388b4a7a8a2bac49ba82eb8f1db326fbe115563acac73a7

    • SSDEEP

      6144:h1OgDPdkBAFZWjadD4s5ptQuCxYFa1u/YUJG42xCIEC6y3:h1OgLdaOUuCaFaQ/l2cjC7

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with the ACProtect packer.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and browsing history.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops Chrome extension

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that act as plugins for Internet Explorer and are loaded into every browser process.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v16

Tasks