General

  • Target

    560cff36291eaf6b6b18bce5a756d813_JaffaCakes118

  • Size

    121KB

  • Sample

    241018-hqvj6awcrq

  • MD5

    560cff36291eaf6b6b18bce5a756d813

  • SHA1

    69adcce198d7380fccd08bba3631d2f1afbede92

  • SHA256

    0233d4955d4b4d177d449ea71993b4fdc19192a54be29c8e8031ea8cf2be625e

  • SHA512

    4db0be2bac5c278cda4c379384cc394f13c09660db9bc583ae79dfb2af27afa8263e5656cc9d11c685bc120a4d8fddf9ba2309d9c47a2b908adb2db82efd4100

  • SSDEEP

    3072:vCSjGoLpWM6Y3AXxAyHSzeZ00De4UBs5gA:lXvACq7yDC51

Malware Config

Targets

    • Renames multiple (175) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Drops file in Drivers directory

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks