General

  • Target

    585d473754867606952c65397da45397_JaffaCakes118

  • Size

    12KB

  • Sample

    241018-tnt2dsyalr

  • MD5

    585d473754867606952c65397da45397

  • SHA1

    e656c2ffc85c0d467a985746b260ae5da9e31a1d

  • SHA256

    8b4852da19283b0cc08010a92efff18d88679720ae1771aba86a595a4fa2432f

  • SHA512

    0262d7361e3750899b0a2a0924fdbb4d054daa7ada73cff9ede5fefc5517d9d6c129891723c6df3b0e737b740d10f4813577b7ae3c23f6d56fade91a847038a7

  • SSDEEP

    192:G/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRMdy4ZB8:GebFNw4Pk1itKkpAjjI2Ypdmdy

Malware Config

Targets

    • Target

      585d473754867606952c65397da45397_JaffaCakes118

    • Size

      12KB

    • MD5

      585d473754867606952c65397da45397

    • SHA1

      e656c2ffc85c0d467a985746b260ae5da9e31a1d

    • SHA256

      8b4852da19283b0cc08010a92efff18d88679720ae1771aba86a595a4fa2432f

    • SHA512

      0262d7361e3750899b0a2a0924fdbb4d054daa7ada73cff9ede5fefc5517d9d6c129891723c6df3b0e737b740d10f4813577b7ae3c23f6d56fade91a847038a7

    • SSDEEP

      192:G/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRMdy4ZB8:GebFNw4Pk1itKkpAjjI2Ypdmdy

    • Renames multiple (5856) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Drops file in Drivers directory

    • Event Triggered Execution: Image File Execution Options Injection

    • Manipulates Digital Signatures

      Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.

    • Drops startup file

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks