General

  • Target

    a289567758d7faa9f8e3a526e93c21e7_JaffaCakes118

  • Size

    4.5MB

  • Sample

    240403-wc5d4agb8s

  • MD5

    a289567758d7faa9f8e3a526e93c21e7

  • SHA1

    558a2400df72da71acedafa4ea6ecfe6166a57e0

  • SHA256

    ea056eb8dd0e644ab352332b94da04e683779717d0c550d169e5feb987c37508

  • SHA512

    cfe85955a6867c5cf53e4c9ef09508dea7044430954d565dc1929f980aed55d282940c32a43997a73667b859fc2b662892d2de0e7c4029965b9a051ccc488a04

  • SSDEEP

    98304:iJQaLXTZx9lyUZJ0HArfMgHHIpP3VdPVQ//i6rQUKx44bacLeZI:iJQaLnyUE8ERdPVQhroxXbZCO

Malware Config

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks