General

  • Target

    5f3df15568c628069235df05f6df3c74_JaffaCakes118

  • Size

    830KB

  • Sample

    241019-3heh7awale

  • MD5

    5f3df15568c628069235df05f6df3c74

  • SHA1

    8e891a50139f45c2546567cc633b92de217cc9bf

  • SHA256

    2004b06bbcb086fd3f2f83435f6e4cad003b4c344f50b5694762daf442bce3da

  • SHA512

    a796f37532d217dd25077ff7d45844f4d5b814a645bb94634ac94918baacefd910259452616229e2e36f63ecab58153ce194f1f0bf7290d47240eef634e177e3

  • SSDEEP

    24576:GLlueN4O1ighAFRwH3WLSFygv9OZnXzZHsEXI3UZ:GLlueNvighAFOGL9nVwK

Malware Config

Targets

    • Target

      5f3df15568c628069235df05f6df3c74_JaffaCakes118

    • Renames multiple (176) files with an added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Drops file in Drivers directory

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks