General

  • Target

    48cee60c2d2d32979c40c5f630c8f220_JaffaCakes118

  • Size

    18KB

  • Sample

    241015-tvcqpathkh

  • MD5

    48cee60c2d2d32979c40c5f630c8f220

  • SHA1

    12531e0df36c3b5b4fab47bb7feaac105fffc30e

  • SHA256

    b43c7c6a97d02ab5e6a4bf60cf9188edac971f3ef8a807b5756a1584defa2297

  • SHA512

    b63758ffdec53453f01d01e983765a4b43b4de764b62968da350e1fedd8a8c80f17965a0c134952bbf92166b8748fcb283ec0db23a6ffd1edbc15c07c40221bf

  • SSDEEP

    384:SebFNw4Pk1itKkpAjjI2YpdmAZQzVg48JrX:S0FmBkpKjPYpDQAFX

Malware Config

Targets

    • Renames multiple (2203) files with added filename extension

      This suggests ransomware activity: the sample is encrypting files across the system and appending an extension to each.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks