General

  • Target

    02e324fc34f9a066c190c3d495ca9c82_JaffaCakes118

  • Size

    75KB

  • Sample

    240620-fb2ntazanf

  • MD5

    02e324fc34f9a066c190c3d495ca9c82

  • SHA1

    24c83ccadd0978e36d14772203e9e45ad35585ff

  • SHA256

    a0814c03e2977dbd8d63ba247ed2e3b3cef500daccda5ddad4f14e29dbf46673

  • SHA512

    0ed0e2afb9a5cf6c4e2851b4bb8e045f528de630b8ff77a845dda65312fcabfcc94372ea667fe8a847d575b956fdfff700e5b572ea624cead22014c14b5d7325

  • SSDEEP

    1536:LV/zjZJASlydOl0gJm4oFnVyYtYV6+hMeYIJy0B/YSmC+uTTgZ:9jffzFoFn4YCTMetrASmC+g6

Malware Config

Targets

    • Renames multiple (219) files with added filename extension

      This suggests ransomware activity: the sample is encrypting files across the system and appending an extension to each.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks