General

  • Target

    c02f6ed00f40e14c7bca8bce164ed890_JaffaCakes118

  • Size

    876KB

  • Sample

    240825-hppyaa1brh

  • MD5

    c02f6ed00f40e14c7bca8bce164ed890

  • SHA1

    d5f490db721143571355d1c05ab9a7c3a3d3b31b

  • SHA256

    7202dd9f1dd3221b47776cfe9abae17d30ebe7f840a843867006f490800df818

  • SHA512

    edba1a77ccc49bde7fada73494d486d6d197bc497d7600e69901c050af475df9da02effeef9eadb565da1a836951fba90ee863190122cc2b7585803c6823009e

  • SSDEEP

    24576:/m2POtxO+AHaK3UIcS5ggBrsUS44asoM:/r4+hxrriZas

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory
