General
-
Target
eec1ed345dbf944d1c365eb430e14bac_JaffaCakes118
-
Size
825KB
-
Sample
240921-a58fkaxdmn
-
MD5
eec1ed345dbf944d1c365eb430e14bac
-
SHA1
c9ed0f6788365cbc8719aeb249b1ac092d09ea48
-
SHA256
80f684d275e3c12b1789d4fda703cbdfa3fa0d53ee7c002b48e2f0e68475f7d9
-
SHA512
1f5353debe676448ec85476f597df82743b35c07282a2d8f009d753e26df307521929aa82f94fe5b5499a930e03f39908813ba2e407d210ff0e54c964135027d
-
SSDEEP
24576:Iot9v6Et1/z43eDkAE8Waj6ca/QoEii3Tmv:9SIFzeckATmp/xEii3Tmv
Malware Config
Targets
-
-
Target
eec1ed345dbf944d1c365eb430e14bac_JaffaCakes118
-
Size
825KB
-
MD5
eec1ed345dbf944d1c365eb430e14bac
-
SHA1
c9ed0f6788365cbc8719aeb249b1ac092d09ea48
-
SHA256
80f684d275e3c12b1789d4fda703cbdfa3fa0d53ee7c002b48e2f0e68475f7d9
-
SHA512
1f5353debe676448ec85476f597df82743b35c07282a2d8f009d753e26df307521929aa82f94fe5b5499a930e03f39908813ba2e407d210ff0e54c964135027d
-
SSDEEP
24576:Iot9v6Et1/z43eDkAE8Waj6ca/QoEii3Tmv:9SIFzeckATmp/xEii3Tmv
Score10/10-
Modifies visibility of file extensions in Explorer
-
UAC bypass
-
Renames multiple (52) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Hide Artifacts
1Hidden Files and Directories
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
4