General

  • Target

    a414244ecb89d5bdc1a0ece12bb2c2a9_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240403-xpvabsac53

  • MD5

    a414244ecb89d5bdc1a0ece12bb2c2a9

  • SHA1

    fb2c07209b248f612f48a898f449da88b2624fd9

  • SHA256

    59822012b04406a3df0f5893619e6129398134fc922d53ff1f1c9a6daf803f5b

  • SHA512

    f0468ac67445f92a55d1f1511a169f8cada6235209dea67b133c9010201f220d4165e16d8bc50a5385f098d8733bac3ea91f4f270ea605e5768d20e40cc927e9

  • SSDEEP

    24576:8uPmLDUMihIXCE5y8FyDgy7dml+i2rYNapO:8u+LIIX7Y8t+iiYN2O

Malware Config

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar profile data.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks