General

  • Target

    e768ec5e24cb968f95f502c6e2a3fd0a_JaffaCakes118

  • Size

    4.5MB

  • Sample

    240408-n4tgxage86

  • MD5

    e768ec5e24cb968f95f502c6e2a3fd0a

  • SHA1

    c863d456c8ffe48dac95b1466b27ad110a0783e9

  • SHA256

    ef1dcaed391183704deadbefbd7dba3aedd57edd87dcfc0482f8218e86050bf2

  • SHA512

    a6b4e5684abf1086a3c3a848c4abcf64a9e697b72253452ecd3b383218ac04b9d1e638f639be272b0945ff26273acdaf865f494b971947e4fad163e7afffcbdd

  • SSDEEP

    98304:QJQaLXTZx9lyUZJ0HArfMgHHIpP3VdXVQ//i6rQUKx44bacL7ZI:QJQaLnyUE8ERdXVQhroxXbZ3O

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Adds Run key to start application

    • Drops file in System32 directory
