General

  • Target

    a327d250e7bbf917a430e061928a0620_JaffaCakes118

  • Size

    316KB

  • Sample

    240613-at25ea1brk

  • MD5

    a327d250e7bbf917a430e061928a0620

  • SHA1

    e0a9f9ff30e7490778f2016b09c021b5861ffc92

  • SHA256

    4e7534a8e4f5f30d307129c8afcf0ba2d109de663d5263c03065e88e4a2ad109

  • SHA512

    d1340e66b7eb0ddf2a789ef202d2e0995e807f4459e891aecdcd7b9e0b2ab00bc02d5218922c1fea0021956b1069aca0b49b77f609901cbd4f6f713b32d83e85

  • SSDEEP

    6144:c49F//ILV18/sGqFEQBTYjkXs0qO+q17Xwcd8sTVzzQWkpEvWvikTvZ4FX4rQ54:c49KB18nWEQBT+kXs0tDlVzzHvUfTS8f

Malware Config

Targets

    • Target

      info.scr

    • Size

      437KB

    • MD5

      c75624c40c430ca50d418767035ad89a

    • SHA1

      b45deccb9657a9042a02088914b63a3c00ed9282

    • SHA256

      54537c67270e641f94efd1fa7e226965fb968e5fa7293b4926132eb6eab4fb51

    • SHA512

      9a9bed1099412fa6f1eabdee3350afc42bf5d87ebb23c5e4afcd177974c8da52f0cc02236225aacb31f20cc14669771d0f8999eaba11d714c8c5b1b105e3bb2f

    • SSDEEP

      6144:nyzggsbLf3igYynSaBtDs6Co+7B+xRlpnEEPMI8nzU8BIcAFwqw:nyzEd3BBlsZoSBQ6OMrzU4JAFwqw

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

2
T1112

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Collection

Data from Local System

1
T1005

Impact

Defacement

1
T1491

Tasks