General

  • Target

    a19e4f52dc89cc8a5ae5a29d01cd4746_JaffaCakes118

  • Size

    889KB

  • Sample

    240612-wh1yvsxgpl

  • MD5

    a19e4f52dc89cc8a5ae5a29d01cd4746

  • SHA1

    33bb6549e41d002128c607723e89449bdfd91106

  • SHA256

    91b62961636993e37335a6119203528f2e4fa5ccc9085bf437ca0a2d8c008339

  • SHA512

    4020833ad207f74da0dad05dec6d9bbddc519a4ebabb298aed64cbea456c73776b7092d5954bf9b0b53fdf24797843cc2cfb789887e59f54422b1f1221db9f45

  • SSDEEP

    24576:VhYXYjTbyZyaGB4yFlek9vJ/lhebboop+6yPN0d:VhYMWyn19RlSb9+xGd

Malware Config

Targets

    • Target

      a19e4f52dc89cc8a5ae5a29d01cd4746_JaffaCakes118

    • Renames multiple (179) files with added filename extension

      This suggests ransomware activity: the sample encrypts files across the system and appends a new extension to each one it processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check used to avoid running in certain regions.

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Drops Chrome extension
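
The signatures above are heuristics the sandbox raises over the sample's file and registry events. The Python script below is an added example written for this page, not Triage's own code and not code from the sample; it replays a constructed event log (a few JSON lines, not taken from the real analysis) and raises the same kinds of signature. The record format, the rename threshold, the registry key used for the location check (HKCU\Control Panel\International\Geo\Nation) and the browser profile paths are all assumptions made for the example. It shows the two conditions that separate the ransomware heuristic from ordinary renames: the destination must be the source path plus a new ".ext" suffix, and the same extension must recur across many files.

```python
"""Replay a sandbox event log and raise behavioural signatures like the
ones in this report.  Added example; not Triage's code or the sample's."""
import json
from collections import Counter

# Constructed sample events in a hypothetical one-JSON-object-per-line format.
# Paths and keys are invented for the example; "\\" decodes to one backslash.
SAMPLE_EVENTS = r"""
{"kind": "file_rename", "src": "C:\\Users\\victim\\Documents\\report.docx", "dst": "C:\\Users\\victim\\Documents\\report.docx.locked"}
{"kind": "file_rename", "src": "C:\\Users\\victim\\Pictures\\cat.jpg", "dst": "C:\\Users\\victim\\Pictures\\cat.jpg.locked"}
{"kind": "file_rename", "src": "C:\\Users\\victim\\Desktop\\notes.txt", "dst": "C:\\Users\\victim\\Desktop\\notes.txt.locked"}
{"kind": "file_rename", "src": "C:\\Users\\victim\\Desktop\\old.tmp", "dst": "C:\\Users\\victim\\Desktop\\new.tmp"}
{"kind": "reg_query", "key": "HKEY_CURRENT_USER\\Control Panel\\International\\Geo\\Nation"}
{"kind": "file_read", "path": "C:\\Users\\victim\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"}
{"kind": "file_write", "path": "C:\\Users\\victim\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\svc.exe"}
"""

# Assumed registry location watched for the "checks computer location settings"
# signature: the GeoID/Nation value under Control Panel\International\Geo.
LOCATION_KEY_MARKERS = (r"control panel\international\geo",)
# Assumed browser profile roots for the "reads user/profile data" signature.
BROWSER_PROFILE_MARKERS = (
    r"\google\chrome\user data",
    r"\microsoft\edge\user data",
    r"\mozilla\firefox\profiles",
)
STARTUP_MARKER = r"\start menu\programs\startup"


def parse_events(text):
    """Parse one JSON object per non-empty line into a list of dicts."""
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def added_extension(src, dst):
    """Return the extension appended to src to form dst, or None.

    Only a rename that keeps the full original name and appends ".ext"
    counts; renaming old.tmp to new.tmp is not an added extension."""
    s, d = src.lower(), dst.lower()
    if d.startswith(s) and len(d) > len(s) and d[len(s)] == ".":
        return d[len(s):]
    return None


def mass_rename_signature(events, threshold):
    """Fire when one appended extension recurs across >= threshold renames."""
    exts = Counter()
    for ev in events:
        if ev.get("kind") == "file_rename":
            ext = added_extension(ev["src"], ev["dst"])
            if ext:
                exts[ext] += 1
    if not exts:
        return None
    ext, count = exts.most_common(1)[0]
    return {"count": count, "extension": ext} if count >= threshold else None


def _matching(events, kind, field, markers):
    """Return the field values of events of `kind` containing any marker."""
    return [ev[field] for ev in events
            if ev.get("kind") == kind and any(m in ev[field].lower() for m in markers)]


def analyse(text, threshold=10):
    """Run all signatures over an event log and return those that fired.

    The default threshold of 10 is an assumption; the real sandbox threshold
    is not stated in the report (it fired on 179 renames for this sample)."""
    events = parse_events(text)
    sigs = {}
    rename = mass_rename_signature(events, threshold)
    if rename:
        sigs["renames_files_with_added_extension"] = rename
    geo = _matching(events, "reg_query", "key", LOCATION_KEY_MARKERS)
    if geo:
        sigs["checks_computer_location_settings"] = geo
    browser = _matching(events, "file_read", "path", BROWSER_PROFILE_MARKERS)
    if browser:
        sigs["reads_browser_profile_data"] = browser
    startup = _matching(events, "file_write", "path", (STARTUP_MARKER,))
    if startup:
        sigs["drops_startup_file"] = startup
    return sigs


if __name__ == "__main__":
    # A low threshold so the three constructed renames are enough to fire.
    for name, detail in analyse(SAMPLE_EVENTS, threshold=3).items():
        print(name, detail)
```

Because the rename check compares the whole source path against the destination, a sample that moves files into a new directory or rewrites their base name does not count toward the threshold; only the "original name plus new suffix" pattern that the report's 179 renames reflect does.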

MITRE ATT&CK Enterprise v15
