General

  • Target

    0ac9c6feed95426d6d3ec9cae396baed_JaffaCakes118

  • Size

    12KB

  • Sample

    241002-p82vhsxclr

  • MD5

    0ac9c6feed95426d6d3ec9cae396baed

  • SHA1

    8285db1c3d05bbacc18e6851f6163732d9c87f84

  • SHA256

    df35e9e1d54768fd864ba8f9a74b0cacf9e1420845168cef71caae7ce677050c

  • SHA512

    7fff66e160b3e9ad430bd518874bb5d6d314c90c1e91e8d404f44fb132d3b749c51d698383042f22be1e1baadb375e229d77fa7026e149480d4afd25552730da

  • SSDEEP

    192:J/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjaGpsHcxUw4h+lfPtRMCZgWOS9Y:JebFNw4Pk1itKkpAjjJs6B40WCyWOh
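
Before detonating or reversing a sample, confirm that the file on disk is the artefact this report describes. The script below is an added example (not part of the Triage report): it recomputes the four digests listed above and compares them, case-insensitively, with the reported values. The hashes are copied from this report; the default file path is an assumption and should be replaced with the sample's real location.

```python
import hashlib
import sys

# Hashes exactly as listed in the report for this sample.
REPORTED = {
    "md5": "0ac9c6feed95426d6d3ec9cae396baed",
    "sha1": "8285db1c3d05bbacc18e6851f6163732d9c87f84",
    "sha256": "df35e9e1d54768fd864ba8f9a74b0cacf9e1420845168cef71caae7ce677050c",
    "sha512": "7fff66e160b3e9ad430bd518874bb5d6d314c90c1e91e8d404f44fb132d3b749c51d698383042f22be1e1baadb375e229d77fa7026e149480d4afd25552730da",
}


def verify(data: bytes, expected: dict) -> dict:
    """Compare digests of `data` with `expected` ({algorithm: hex digest}).

    Returns {algorithm: matched}. Comparison is case-insensitive and ignores
    surrounding whitespace, since hashes are usually pasted from reports.
    Any False means the file on disk is not the artefact the report describes
    (or a hash was transcribed wrongly), and analysis should stop there.
    """
    return {
        name: hashlib.new(name, data).hexdigest() == value.strip().lower()
        for name, value in expected.items()
    }


def all_match(data: bytes, expected: dict = REPORTED) -> bool:
    """True only if every listed digest matches."""
    return all(verify(data, expected).values())


if __name__ == "__main__":
    # The default path is an assumption: pass the sample's real location as argv[1].
    path = sys.argv[1] if len(sys.argv) > 1 else "0ac9c6feed95426d6d3ec9cae396baed_JaffaCakes118"
    try:
        with open(path, "rb") as fh:
            blob = fh.read()
    except FileNotFoundError:
        sys.exit(f"sample not found: {path}")
    for name, ok in verify(blob, REPORTED).items():
        print(f"{name:6s} {'OK' if ok else 'MISMATCH'}")
    sys.exit(0 if all_match(blob) else 1)
```

Checking all four digests rather than MD5 alone matters because MD5 and SHA1 collisions are practical; a sample that matches SHA256 and SHA512 as well is the one the report analysed.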

Malware Config

Targets

    • Target

      0ac9c6feed95426d6d3ec9cae396baed_JaffaCakes118

    • Renames multiple (2207) files with added filename extension

      Renaming a large number of files and appending an extension to each is the characteristic trace of ransomware encrypting the files on the system.

    • Drops file in Drivers directory

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials and other sensitive data.

    • Adds Run key to start application

    • Drops file in System32 directory
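
The behavioural signatures above are the kind of rule a detection engineer re-implements against endpoint telemetry to confirm the sample's behaviour outside the sandbox. The script below is an added example, not the sandbox's signature engine and not code from the sample: it runs two of the rules (mass rename with an appended extension, and a Run-key value being set) over a constructed Sysmon-style event list. The event field names, file paths, PID, the `.locked` extension and the threshold of 5 renames are all assumptions made for the example; the only figure taken from the report is the count of 2207.

```python
import re
from collections import defaultdict

# Constructed telemetry, loosely modelled on Sysmon file-rename and registry
# value-set events. Field names, paths and PIDs are assumptions for this example.
EVENTS = [
    # One process appending an extension to many user documents.
    *({"type": "file_rename", "pid": 4120,
       "image": r"C:\Users\Admin\AppData\Local\Temp\sample.exe",
       "old": rf"C:\Users\Admin\Documents\file{i}.docx",
       "new": rf"C:\Users\Admin\Documents\file{i}.docx.locked"} for i in range(8)),
    # The same process persisting through an HKCU Run value.
    {"type": "reg_set", "pid": 4120,
     "image": r"C:\Users\Admin\AppData\Local\Temp\sample.exe",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "updater", "data": r"C:\Users\Admin\AppData\Local\Temp\sample.exe"},
    # Benign noise: Explorer renaming one file, Word replacing a temp file.
    {"type": "file_rename", "pid": 900, "image": r"C:\Windows\explorer.exe",
     "old": r"C:\Users\Admin\Desktop\notes.txt", "new": r"C:\Users\Admin\Desktop\notes-old.txt"},
    {"type": "file_rename", "pid": 2211, "image": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "old": r"C:\Users\Admin\Documents\~WRL0001.tmp", "new": r"C:\Users\Admin\Documents\budget.docx"},
]

RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
USER_WRITABLE = re.compile(r"^[A-Z]:\\Users\\[^\\]+\\(AppData|Downloads|Desktop|Documents)\\",
                           re.IGNORECASE)


def added_extension(old: str, new: str):
    """Return the extension appended to `old` to form `new`, else None.

    'report.docx' -> 'report.docx.locked' yields 'locked'. A rename that changes
    the base name, drops an extension, or moves into a subdirectory does not count.
    """
    if new.lower().startswith(old.lower() + ".") and len(new) > len(old) + 1:
        suffix = new[len(old) + 1:]
        if "\\" not in suffix and "/" not in suffix:
            return suffix
    return None


def mass_rename_with_added_extension(events, threshold=5):
    """Signature: one process renames >= threshold files by appending an extension.

    Returns {pid: (image, count, sorted extensions)} per offending process.
    The threshold is an assumption; the report saw 2207 such renames.
    """
    per_pid = defaultdict(lambda: [None, 0, set()])
    for ev in events:
        if ev["type"] != "file_rename":
            continue
        ext = added_extension(ev["old"], ev["new"])
        if ext is None:
            continue
        entry = per_pid[ev["pid"]]
        entry[0] = ev["image"]
        entry[1] += 1
        entry[2].add(ext.lower())
    return {pid: (img, n, sorted(exts)) for pid, (img, n, exts) in per_pid.items() if n >= threshold}


def run_key_persistence(events):
    """Signature: a Run/RunOnce value is set. Also flags whether the command
    points into a user-writable directory, the usual shape for a dropped payload."""
    hits = []
    for ev in events:
        if ev["type"] == "reg_set" and RUN_KEY.search(ev["key"]):
            hits.append({"pid": ev["pid"], "value": ev["value"], "data": ev["data"],
                         "user_writable": bool(USER_WRITABLE.match(ev["data"]))})
    return hits


if __name__ == "__main__":
    for pid, (img, n, exts) in mass_rename_with_added_extension(EVENTS).items():
        print(f"[mass rename] pid={pid} {img}: {n} files, extensions {exts}")
    for h in run_key_persistence(EVENTS):
        print(f"[run key] pid={h['pid']} {h['value']} -> {h['data']} (user-writable={h['user_writable']})")
```

Both rules key on the process, not the file: a single rename by Explorer or an Office temp-file swap never reaches the threshold, while the sandbox's 2207 renames from one image would trip it immediately. The Run-key rule reports every hit and leaves prioritisation to the user-writable flag, since legitimate installers also write Run values.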

MITRE ATT&CK Enterprise v15

Tasks