General

  • Target

    9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118

  • Size

    48.5MB

  • Sample

    240603-k1bk5sba23

  • MD5

    9137ad342e6d77194f8a57d4f9e92bac

  • SHA1

    42e1ce93ae27b63a6b71504b185c3d5919a4774f

  • SHA256

    483767d43c556f2d17242aeffd5f31cffd72955f31964c0b7d522fe4874b254c

  • SHA512

    28fda7c1f9e537f1db879e38db9a9f4d7f1cdc2a4fd2e98218d43bba671661d996f171b7df6d1321497e670fcada4eb7263a4c56b98a0251c762f06d5db02d40

  • SSDEEP

    1572864:B6dGw17SK0L9pzFeVa1viX8+fdle9ornxtrOW:B6dGwRSPRcXDfdI9ov

Malware Config

Targets

    • Drops file in Drivers directory

    • Sets service image path in registry

    • Stops running service(s)

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Modifies Installed Components in the registry

    • Modifies Windows Firewall

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks