General

  • Target

    6b5a5944c666a076de95a94edbcbcbb8_JaffaCakes118

  • Size

    12KB

  • Sample

    241022-vdrzqaxcnm

  • MD5

    6b5a5944c666a076de95a94edbcbcbb8

  • SHA1

    63f125fb21f24de06b82aff877ffe42dbc1eb35e

  • SHA256

    9ac02f9ebcad83072316bf0dc26df0692fea1c1b159f4b47942d55f67b1b72f4

  • SHA512

    213f7cef850b1585f09eb2c3fecc65b129aa9c628bdccc9d1b4770d45040e2a54539bd8cd79dd7c586b0aa7581dba2591a67fff5267f81184ba6df726d640c3a

  • SSDEEP

    192:92H9hL+0NuU6UPT58Wff2LiTV3HGc7EkpAiEpPu2q9C/YpXnAITZfPtRMp6C6dq:92vrFjn2LitKkpArpo2Ypdmp6/q

Targets

    • Renames multiple (2147) files with added filename extension

      This suggests ransomware activity: the files on the system are being encrypted and renamed with a new extension.

    • Drops file in Drivers directory

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Adds Run key to start application

    • Drops file in System32 directory

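The behavioural signatures listed above are heuristics the sandbox applies to the file, registry and process events it records. The following is an added example (not the sandbox's own signature engine and not code from the report) that re-implements the five heuristics over a constructed set of events. The event tuple shape, the sample paths, the browser-profile markers and the rename threshold of 3 are all assumptions; the real report counted 2147 renames and its threshold is not stated on the page.

```python
"""
Added example: a minimal re-implementation of the five sandbox heuristics in the
report's signature list, run over constructed events. Nothing here is the
sandbox's real schema or code; the event shape and thresholds are assumptions.
"""
import re
from collections import Counter
from typing import Optional

# Constructed sample events, not data from the report. Each tuple is
# (kind, path_or_key, destination_or_value). Raw strings never end in a backslash.
SAMPLE_EVENTS = [
    ("rename", r"C:\Users\Admin\Documents\budget.xlsx", r"C:\Users\Admin\Documents\budget.xlsx.locked"),
    ("rename", r"C:\Users\Admin\Pictures\holiday.jpg", r"C:\Users\Admin\Pictures\holiday.jpg.locked"),
    ("rename", r"C:\Users\Admin\Desktop\notes.txt", r"C:\Users\Admin\Desktop\notes.txt.locked"),
    ("rename", r"C:\Users\Admin\Desktop\report.docx", r"C:\Users\Admin\Desktop\report.docx.locked"),
    # An ordinary rename: the name changes but no extension is appended, so it must not count.
    ("rename", r"C:\Users\Admin\Desktop\draft.docx", r"C:\Users\Admin\Desktop\final.docx"),
    ("write", r"C:\Windows\System32\drivers\etfs.sys", None),
    ("write", r"C:\Windows\System32\svchost32.exe", None),
    ("read", r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data", None),
    ("regset", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater", r"C:\Windows\System32\svchost32.exe"),
]

# Assumed path fragments identifying browser profile directories (lower-case, doubled backslashes).
BROWSER_PROFILE_MARKERS = (
    "\\google\\chrome\\user data\\",
    "\\microsoft\\edge\\user data\\",
    "\\mozilla\\firefox\\profiles\\",
)

# Matches HKCU/HKLM ...\CurrentVersion\Run\ and RunOnce\ value writes, case-insensitively.
RUN_KEY_RE = re.compile(r"\\currentversion\\run(once)?\\", re.IGNORECASE)


def appended_extension(src: str, dst: str) -> Optional[str]:
    """Return the extension a rename appended (src -> src + '.' + ext), else None."""
    s, d = src.lower(), dst.lower()
    if not d.startswith(s + "."):
        return None
    ext = d[len(s) + 1:]
    # Reject an empty suffix or anything that walks into another path component.
    if not ext or "\\" in ext or "/" in ext:
        return None
    return ext


def count_appended_extensions(events) -> Counter:
    """Count rename events per appended extension; mass renames cluster on one extension."""
    counts: Counter = Counter()
    for kind, src, dst in events:
        if kind == "rename" and dst:
            ext = appended_extension(src, dst)
            if ext:
                counts[ext] += 1
    return counts


def dropped_under(events, prefix: str) -> list:
    """Paths written beneath a directory prefix (case-insensitive prefix match)."""
    p = prefix.lower()
    return [path for kind, path, _ in events if kind == "write" and path.lower().startswith(p)]


def reads_browser_profile(events) -> list:
    """Read events touching a known browser profile directory."""
    return [path for kind, path, _ in events
            if kind == "read" and any(m in path.lower() for m in BROWSER_PROFILE_MARKERS)]


def run_key_writes(events) -> list:
    """Registry writes that create or change a Run/RunOnce autostart value."""
    return [(key, val) for kind, key, val in events if kind == "regset" and RUN_KEY_RE.search(key)]


def evaluate(events, rename_threshold: int = 3) -> list:
    """Return the signature names that fire, in the order the report lists them."""
    fired = []
    renames = count_appended_extensions(events)
    total = sum(n for n in renames.values() if n >= rename_threshold)
    if total:
        fired.append(f"Renames multiple ({total}) files with added filename extension")
    if dropped_under(events, "C:\\Windows\\System32\\drivers\\"):
        fired.append("Drops file in Drivers directory")
    if reads_browser_profile(events):
        fired.append("Reads user/profile data of web browsers")
    if run_key_writes(events):
        fired.append("Adds Run key to start application")
    if dropped_under(events, "C:\\Windows\\System32\\"):
        fired.append("Drops file in System32 directory")
    return fired


if __name__ == "__main__":
    for name in evaluate(SAMPLE_EVENTS):
        print(name)
```

Note that a write into `System32\drivers\` satisfies both the Drivers and the System32 heuristics, which is why the report can show both signatures from a single dropped file; the rename heuristic deliberately ignores renames that change the name without appending a suffix, since those are normal application behaviour.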