General
-
Target
e8f5971c3dbf941aafcc3ba09895ae4a_JaffaCakes118
-
Size
480KB
-
Sample
240409-cgbsssef8w
-
MD5
e8f5971c3dbf941aafcc3ba09895ae4a
-
SHA1
9f8c99a8b83a325bd908769bbb832645837a5692
-
SHA256
608e48dd2297ee62fec79ff646a48312b097452a2ad6e562d4d2820dd88b3e83
-
SHA512
b8b56812f6965daab89688caefcf6e4ca8203c35fd125bf0d46583238782aa0e312adc75bbd49f1d6ae1d3339755908370736a2d55f28cb97754dda2d2fd19a9
-
SSDEEP
12288:bhrF8USr4TUo9yW/3ZEgvKvI59Kk+MMli+uP:bhrF8JwUoHpEuvZ2
Malware Config
Targets
-
-
Target
e8f5971c3dbf941aafcc3ba09895ae4a_JaffaCakes118
-
Size
480KB
-
MD5
e8f5971c3dbf941aafcc3ba09895ae4a
-
SHA1
9f8c99a8b83a325bd908769bbb832645837a5692
-
SHA256
608e48dd2297ee62fec79ff646a48312b097452a2ad6e562d4d2820dd88b3e83
-
SHA512
b8b56812f6965daab89688caefcf6e4ca8203c35fd125bf0d46583238782aa0e312adc75bbd49f1d6ae1d3339755908370736a2d55f28cb97754dda2d2fd19a9
-
SSDEEP
12288:bhrF8USr4TUo9yW/3ZEgvKvI59Kk+MMli+uP:bhrF8JwUoHpEuvZ2
Score10/10-
Modifies visibility of file extensions in Explorer
-
UAC bypass
-
Renames multiple (55) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1