General

  • Target

    0210847e1ad4692e9f828528711707a0_JaffaCakes118

  • Size

    62KB

  • Sample

    240930-sxgxrasepn

  • MD5

    0210847e1ad4692e9f828528711707a0

  • SHA1

    c2500c9587a4f68df63b953aff9e4ffc446ece18

  • SHA256

    0e165fe4353331710f8db102e7bf648b5e06f92ee87138ad03870fe2194f4ad7

  • SHA512

    acf7a1d304bfc032e64cce4dc5e5fec89f41fc3bea864e29cc3efdcaafcf584646e4b15af3d58126fedc4923b85e74b9a95c7ac5415a2539fcdb0cc6fae582b7

  • SSDEEP

    768:w0FmBkpKjJH40+R7WC8If/+w5xZd0vBCn2jd/Pudv0ECjWacQGrtV8PKFWcccPc/:wODKd32Zd6vjVPg0JSaQrtVrFXD6B

Malware Config

Targets

    • Renames multiple (2190) files with added filename extension

      This suggests ransomware activity: the sample is encrypting files across the system and appending an extension to each one.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and browsing history.

    • Adds Run key to start application

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15

Tasks