General

  • Target

    e757ec9e092cc7f3b64ba733720b5e2b_JaffaCakes118

  • Size

    484KB

  • Sample

    240408-ngltjsbc4s

  • MD5

    e757ec9e092cc7f3b64ba733720b5e2b

  • SHA1

    0a3f39f8c6d6ca35c1f28576f92e16420a012952

  • SHA256

    e372acbb28c8cc5c9ca112a1043d27d0feffda9b3828b6a59b3d736f277c9392

  • SHA512

    75914a2b33f7633322fe45dc89263a4760c368991a9a52df8c3f25dc6dc2ad4781cf515add7a40570a7720de4155f78b98407302f357d51548a68c9a85430c33

  • SSDEEP

    12288:bP9GBWQch+L/ZgHP+v7xK0DmFwUfIp7JVyvWt1aBnSFAPHzeO:bPoBHch+uudKNffiv1aVSaPTeO

Malware Config

Targets

    • Target

      e757ec9e092cc7f3b64ba733720b5e2b_JaffaCakes118

    • Size

      484KB

    • MD5

      e757ec9e092cc7f3b64ba733720b5e2b

    • SHA1

      0a3f39f8c6d6ca35c1f28576f92e16420a012952

    • SHA256

      e372acbb28c8cc5c9ca112a1043d27d0feffda9b3828b6a59b3d736f277c9392

    • SHA512

      75914a2b33f7633322fe45dc89263a4760c368991a9a52df8c3f25dc6dc2ad4781cf515add7a40570a7720de4155f78b98407302f357d51548a68c9a85430c33

    • SSDEEP

      12288:bP9GBWQch+L/ZgHP+v7xK0DmFwUfIp7JVyvWt1aBnSFAPHzeO:bPoBHch+uudKNffiv1aVSaPTeO

    • Modifies visibility of hidden/system files in Explorer

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks