General
-
Target
02539c580448cf8078ca317f500e2fee_JaffaCakes118
-
Size
1.7MB
-
Sample
240427-d4zc2sab44
-
MD5
02539c580448cf8078ca317f500e2fee
-
SHA1
70ddd915a550ca3651effb446af1adb4b9f5d8fb
-
SHA256
cca45d77fa86177709457c2638ece6d17c5572cc41a2354b3d05443a7de59952
-
SHA512
6a8f80f1b224a2020691bea56f850fcdb071f16d5cc7d0df863c703e142ca1b09b59d529a6a8f62489ab346c8352798df879aacd074d907e37d662011b74124d
-
SSDEEP
24576:JJ23eWAvbYRExX8dx4ephQYN/FCqDOvHVKUO1Fra:JJZXQx5pio/FCqr14
Malware Config
Targets
-
-
Target
02539c580448cf8078ca317f500e2fee_JaffaCakes118
-
Size
1.7MB
-
MD5
02539c580448cf8078ca317f500e2fee
-
SHA1
70ddd915a550ca3651effb446af1adb4b9f5d8fb
-
SHA256
cca45d77fa86177709457c2638ece6d17c5572cc41a2354b3d05443a7de59952
-
SHA512
6a8f80f1b224a2020691bea56f850fcdb071f16d5cc7d0df863c703e142ca1b09b59d529a6a8f62489ab346c8352798df879aacd074d907e37d662011b74124d
-
SSDEEP
24576:JJ23eWAvbYRExX8dx4ephQYN/FCqDOvHVKUO1Fra:JJZXQx5pio/FCqr14
Score10/10-
Modifies visibility of file extensions in Explorer
-
UAC bypass
-
Renames multiple (65) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1