General

  • Target

    5edd5f307b87d4dfff86a9723621ac95_JaffaCakes118

  • Size

    303KB

  • Sample

    241019-1sz7ja1ejg

  • MD5

    5edd5f307b87d4dfff86a9723621ac95

  • SHA1

    58f3ccfae9185239617091808fc7a2de492a0844

  • SHA256

    f4202a505da33e32fe4a5ee55ee1451dffaf1e03e5ea2d2ee0db766d58541233

  • SHA512

    30e5969bc46a7d50b3b5bc1dad4b89ea619d6f207fb294d2150cff09da7bec3e58d83bea511d6d9e640bd7f7759723befe4369246b58d10c1ab6bf436afa9c4a

  • SSDEEP

    3072:wHuDmjWrr7Ny+zLYVdizffMH+/BilFokcBtKD4oWoRtDkflqzS8bXhXzu:0uDljlYV0ffbozz+ta1E+txu

Malware Config

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (54) files with added filename extension

      This suggests ransomware activity: the files on the system are being encrypted and renamed.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks