General

  • Target

    4fc1e30a4888ba22af0b315fe3fe0787_JaffaCakes118

  • Size

    830KB

  • Sample

    241017-acrbks1bnh

  • MD5

    4fc1e30a4888ba22af0b315fe3fe0787

  • SHA1

    76432e3c293a479e43ca3a996b0be963333a6aba

  • SHA256

    6d907f1ea22ca8f81d3259baf20b0db7dd1e0bdfa591a0529622326bccd8ba03

  • SHA512

    ca793fa294adeba25275dd5907a1c74ffc22b59df7aecc15b1bfa83bb2f88529ac581be736db3e5c14fbc3bf897ab70f32845a00a8f67a24725b99d8ae789a76

  • SSDEEP

    24576:TlZYhGV8zpOrAe1ETenGblx3JG/yHJpijbUcWrmb:TlZmGy8rAe1ETeyTJHHJpij

Malware Config

Targets

    • Target

      4fc1e30a4888ba22af0b315fe3fe0787_JaffaCakes118

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks