General

  • Target

    e5bc446d6b25e1369878c3ecefd0ca95_JaffaCakes118

  • Size

    10.8MB

  • Sample

    240407-ynxvhach9v

  • MD5

    e5bc446d6b25e1369878c3ecefd0ca95

  • SHA1

    148cff2938303e21f95dec16a7edfa7d29b9460a

  • SHA256

    8afb9702a230d0753799db260bf9322640842beeb8e42a9cde2963b67c9706ab

  • SHA512

    16087270441c18e46dd689679efd483c80badf8c32a47eb6cbe1559795a258cc39004a88805e5f36ee053600c4a32415efc824f646633fd85b2d68b72ca4eb8c

  • SSDEEP

    49152:bjjjjjjjjjjjjjjjajjjjjjjjjjjjjjjajjjjjjjjjjjjjjjajjjjjjjjjjjjjjj:

Malware Config

Targets

    • Target

      e5bc446d6b25e1369878c3ecefd0ca95_JaffaCakes118

    • UAC bypass

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

MITRE ATT&CK Enterprise v15

Tasks