General

  • Target

    e656773969e9479715f29df8e1f6e794_JaffaCakes118

  • Size

    632KB

  • Sample

    240408-b2yydsda64

  • MD5

    e656773969e9479715f29df8e1f6e794

  • SHA1

    447396a4b1585790a38100b999071b001b0dfecf

  • SHA256

    ef5fa348cc3df4d6d9caa4289a18fd666fc087bb54e5c145f914ffa02c556b95

  • SHA512

    efe37adb795af7d25e413ce3b740012a29b5fe3dcfd44024697c4eac45f503646f7d1ea861f91e2ccc6730da633a2d4d92e4f890a5a0041c0cb1a9fbb3ccec83

  • SSDEEP

    12288:zXCNi9BJ1+dYIVK+R8owCg/C9C5Ny4gYvbD7BC1n/+V8aRpp9P9:2W2dHR2/C9C7ZjBcmRp79

Malware Config

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks