General

  • Target

    c06b11b66aae9cc4d859eed6f5f8f898_JaffaCakes118

  • Size

    216KB

  • Sample

    240825-k8cheaybjn

  • MD5

    c06b11b66aae9cc4d859eed6f5f8f898

  • SHA1

    fd6484fe45eadfb78e7ac955e683d3743353576e

  • SHA256

    d97bb2720fbce5139d964b68660e285494cd8428e7afac25a906d7b6ecfaae59

  • SHA512

    100ed0aa86f7924f8a602568693ab1c8bfe771029ea6564166c62ab9613516cd067e4de81798aa705c223170217b73c7b30574376381322e9620561836d0547e

  • SSDEEP

    3072:8n+16291vtHRK12Fx7sD0TdmrY8OpPGjTd9Yg5Zt4wnry9p1zwQ:8891lHtz7sDJE9OjZ9Yg5swnmD1z

Malware Config

Targets

    • Target

      c06b11b66aae9cc4d859eed6f5f8f898_JaffaCakes118

    • Disables service(s)

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Adds policy Run key to start application

    • Disables RegEdit via registry modification

    • Sets file to hidden

      Modifies file attributes to stop the file from showing in Explorer and similar tools.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Network Share Discovery

      Attempts to gather information on the host's network.

MITRE ATT&CK Enterprise v15

Tasks