General

  • Target

    45f9c9052ac71cc829ab548215e9bad0_JaffaCakes118

  • Size

    23KB

  • Sample

    241015-fn9j7awenc

  • MD5

    45f9c9052ac71cc829ab548215e9bad0

  • SHA1

    9297c7c81fa4ba1797897156afff1e1e9bd3064c

  • SHA256

    b3de64e53dd3864d6499a60867e036424f9f93e9837edaae22e0505b765536a1

  • SHA512

    0f1548a9e26ccbab7c5c40ae8da456538d4b6b730b26fc0d5b5081afe17a752901a2f43921067bd0e771f8f86e89ea9644b3e46317935cbb7238227784f32510

  • SSDEEP

    384:SebFNw4Pk1itKkpAjjI2Ypdm9LGSFQAKDNlzi8TFtp5Rlsd9xG67mM:S0FmBkpKjPYpWD58vn2H

Malware Config

Targets

    • Target

      45f9c9052ac71cc829ab548215e9bad0_JaffaCakes118

    • Size

      23KB

    • MD5

      45f9c9052ac71cc829ab548215e9bad0

    • SHA1

      9297c7c81fa4ba1797897156afff1e1e9bd3064c

    • SHA256

      b3de64e53dd3864d6499a60867e036424f9f93e9837edaae22e0505b765536a1

    • SHA512

      0f1548a9e26ccbab7c5c40ae8da456538d4b6b730b26fc0d5b5081afe17a752901a2f43921067bd0e771f8f86e89ea9644b3e46317935cbb7238227784f32510

    • SSDEEP

      384:SebFNw4Pk1itKkpAjjI2Ypdm9LGSFQAKDNlzi8TFtp5Rlsd9xG67mM:S0FmBkpKjPYpWD58vn2H

    • Renames multiple (2154) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15

Tasks