General

  • Target

    b736b36388afff62ede52ad2e7792dd4_JaffaCakes118

  • Size

    11.4MB

  • Sample

    240617-hahknaselq

  • MD5

    b736b36388afff62ede52ad2e7792dd4

  • SHA1

    2b0360385df4c7872ab4aacd256b4bbdfe674d30

  • SHA256

    da1b2ed299b2c97f8a8a435a78fcb1957426fa7bfaaf30483e09341304e47758

  • SHA512

    b0d4c32f57e707adab954ad91e06cfff87a74b1ebb6751c9f2c9c1dffeb433b0e8a1f7b89fd7f285e776092157fb96e49b94c9eeb38828498354d51526a3538e

  • SSDEEP

    196608:UTwx42RPPBdebEm1iWWHc1SUX6apg3ZhncrJPm59vzgO8L1vsqFRUo7t/IbsCTMZ:UaRPiGWW8sUtu/Am5q91vsqFRn5AACTM

Targets

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read browser profile files (saved logins, cookies, autofill and form data) to harvest stored credentials and session tokens.

    • Checks installed software on the system

      Enumerates subkeys of the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its WOW6432Node and HKCU counterparts), which lists installed software; malware typically does this to detect security products or analysis tools.

    • Writes to the Master Boot Record (MBR)

      Bootkits overwrite the MBR (the first 512-byte sector of the boot disk) so their code runs before the operating system loads, giving persistence below OS-level security controls. A raw write to a physical drive device at offset 0 is the usual indicator.

    • Drops file in System32 directory

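The behavioural signatures above are derived from low-level sandbox events (file, registry, image-load and raw device writes). The following is an added example, not the sandbox's own rule engine or code from this report: a small matcher that maps a constructed event stream to the six signature names listed here. The event schema, process IDs, file paths and registry keys in the sample events are constructed for illustration and are not observations from this sample.

```python
"""Toy behavioural-signature matcher over sandbox events (added example).

The Event schema and SAMPLE_EVENTS below are constructed; a real sandbox
emits its own event format, and the paths shown are not from the report.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    kind: str         # file_open | file_write | reg_open | raw_write | exec | load_image
    pid: int
    target: str       # file path, registry key, or raw device name
    offset: int = -1  # byte offset for raw device writes, -1 when not applicable


# Browser profile artifacts that infostealers read (typical locations, assumed)
BROWSER_PROFILE = re.compile(
    r"\\AppData\\(Local|Roaming)\\(Google\\Chrome|Microsoft\\Edge|Mozilla\\Firefox)\\.*"
    r"\\(Login Data|Cookies|Web Data|logins\.json|key4\.db|cookies\.sqlite)$",
    re.IGNORECASE,
)
# Registry key whose subkeys enumerate installed software
UNINSTALL_KEY = re.compile(
    r"^HK(LM|CU)\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)",
    re.IGNORECASE,
)
SYSTEM32 = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.IGNORECASE)
PHYSICAL_DRIVE = re.compile(r"^\\\\\.\\PhysicalDrive\d+$", re.IGNORECASE)
MBR_SIZE = 512  # the MBR is the first sector of the disk


def match_signatures(events, dropped_files):
    """Return the set of signature names triggered by an event stream.

    dropped_files lists paths the sample wrote itself; executing or loading
    one of those is what separates "dropped EXE/DLL" from ordinary process
    creation and image loads.
    """
    dropped = {p.lower() for p in dropped_files}
    hits = set()
    for ev in events:
        t = ev.target
        if ev.kind == "file_open" and BROWSER_PROFILE.search(t):
            hits.add("Reads user/profile data of web browsers")
        elif ev.kind == "reg_open" and UNINSTALL_KEY.match(t):
            hits.add("Checks installed software on the system")
        # A raw write that touches the first sector of a physical drive hits the MBR
        elif ev.kind == "raw_write" and PHYSICAL_DRIVE.match(t) and 0 <= ev.offset < MBR_SIZE:
            hits.add("Writes to the Master Boot Record (MBR)")
        elif ev.kind == "file_write" and SYSTEM32.match(t):
            hits.add("Drops file in System32 directory")
        elif ev.kind == "exec" and t.lower() in dropped and t.lower().endswith(".exe"):
            hits.add("Executes dropped EXE")
        elif ev.kind == "load_image" and t.lower() in dropped and t.lower().endswith(".dll"):
            hits.add("Loads dropped DLL")
    return hits


def dropped_from(events):
    """Paths the sample created itself (every file_write target)."""
    return [ev.target for ev in events if ev.kind == "file_write"]


# Constructed event stream: not observations from this sample
SAMPLE_EVENTS = [
    Event("file_write", 1234, r"C:\Users\victim\AppData\Local\Temp\upd.exe"),
    Event("exec", 1234, r"C:\Users\victim\AppData\Local\Temp\upd.exe"),
    Event("file_write", 1234, r"C:\Windows\System32\drvhost.dll"),
    Event("load_image", 2345, r"C:\Windows\System32\drvhost.dll"),
    Event("file_open", 2345, r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    Event("reg_open", 2345, r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    Event("raw_write", 2345, r"\\.\PhysicalDrive0", offset=0),
    Event("file_open", 2345, r"C:\Windows\System32\kernel32.dll"),         # benign, no match
    Event("raw_write", 2345, r"\\.\PhysicalDrive0", offset=1_048_576),    # past the MBR, no match
]

if __name__ == "__main__":
    for name in sorted(match_signatures(SAMPLE_EVENTS, dropped_from(SAMPLE_EVENTS))):
        print(name)
```

The MBR rule keys on the write offset rather than on the device name alone: a sample that writes elsewhere on the raw disk (the last event above) is suspicious but is not a bootkit indicator, and a matcher that ignores offsets would mislabel it.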
MITRE ATT&CK Enterprise v15

Tasks