General

  • Target

    6c72709aa40768330613c64f42b3e049_JaffaCakes118

  • Size

    12KB

  • Sample

    241023-ajqnma1eqb

  • MD5

    6c72709aa40768330613c64f42b3e049

  • SHA1

    7d99027319ae19e1305d000ec738ae892050b4b9

  • SHA256

    b648fce4e270a19f88a94e6f94e96423e8d98ad5e8e5d1468a80d460c4f17647

  • SHA512

    c68374e9432cf4cddf6e35bfdbfbd474874222c94cee6324d849233924681db43e74e42f453b096ee92a516288a81160f23d6a079e7af5a4b54eecaf5a496dee

  • SSDEEP

    192:5/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjaGpsHcxUw4h+lfPtRMixYXZrMd:5ebFNw4Pk1itKkpAjjJs6B40WixYJu

Malware Config

Targets

    • Target

      6c72709aa40768330613c64f42b3e049_JaffaCakes118

    • Renames multiple (5473) files by appending a filename extension

      Bulk renaming of files to a new extension is characteristic of ransomware encrypting files across the system.

    • Drops file in Drivers directory

    • Event Triggered Execution: Image File Execution Options Injection

      Adversaries may establish persistence or elevate privileges by registering their own executable as the debugger for another program under Image File Execution Options (IFEO), so it is launched whenever that program starts.

    • Manipulates Digital Signatures

      Attackers can tamper with signature verification, for example by modifying the exports of certain DLLs, so that their binary appears to be validly signed.

    • Drops startup file

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and session cookies.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that Internet Explorer loads as plugins, giving the code persistence and visibility into browsing activity.

    • Drops file in System32 directory
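The signatures above are derived from the sample's file and registry activity. The script below, an added example that is not part of the report or of the sandbox's own detection logic, re-derives several of them from a constructed sandbox-style event stream: the "renames multiple files with added filename extension" heuristic, and the Run key, IFEO, COM hijack and BHO persistence indicators. The event format, the rename threshold and all sample paths and GUIDs are assumptions made for illustration.

```python
# Added example: re-derive several of the report's behavioural signatures from a
# constructed sandbox-style event stream. Illustrative code, not the sandbox's
# detection logic; the event format, thresholds and sample data are assumptions.
import re
from collections import Counter, defaultdict

# Constructed sample events (not taken from the report). Each is a tuple:
#   ("rename", pid, old_path, new_path)     file renamed by process pid
#   ("regset", pid, key_path, value_name)   registry value written by process pid
SAMPLE_EVENTS = [
    ("rename", 1234, r"C:\Users\u\Documents\a.docx", r"C:\Users\u\Documents\a.docx.locked"),
    ("rename", 1234, r"C:\Users\u\Documents\b.xlsx", r"C:\Users\u\Documents\b.xlsx.locked"),
    ("rename", 1234, r"C:\Users\u\Pictures\c.jpg", r"C:\Users\u\Pictures\c.jpg.locked"),
    ("rename", 1234, r"D:\share\d.pdf", r"D:\share\d.pdf.locked"),
    ("rename", 1234, r"D:\share\e.txt", r"D:\share\e.txt.locked"),
    ("rename", 5678, r"C:\tmp\report_draft.docx", r"C:\tmp\report_final.docx"),  # ordinary rename
    ("regset", 1234, r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "updater"),
    ("regset", 1234, r"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe", "Debugger"),
    ("regset", 1234, r"HKCU\Software\Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32", ""),
    ("regset", 1234, r"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3F203AE45}", ""),
    ("regset", 9012, r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "OneDrive"),
]


def _split(path):
    """Split a Windows path into (directory, basename) without relying on os.path,
    so the example runs the same on a non-Windows analysis host."""
    head, _, tail = path.rpartition("\\")
    return head, tail


def appended_extension(old_path, new_path):
    """Return the extension a rename appended (e.g. ".locked"), or None when the
    rename is not of the form <same directory>\\<old name><new extension>."""
    old_dir, old_name = _split(old_path)
    new_dir, new_name = _split(new_path)
    if old_dir.lower() != new_dir.lower() or not new_name.lower().startswith(old_name.lower()):
        return None
    suffix = new_name[len(old_name):]
    return suffix if suffix.startswith(".") and len(suffix) > 1 else None


def rename_bursts(events, threshold=5):
    """Per-process count of 'name + extension' renames, mirroring the report's
    'Renames multiple (N) files with added filename extension' signature.
    Returns {pid: (count, most common appended extension)} for processes at or
    above threshold. The sandbox's real threshold is not stated in the report;
    5 is a demo value (the sample itself renamed 5473 files)."""
    per_pid = defaultdict(Counter)
    for kind, pid, a, b in events:
        if kind != "rename":
            continue
        ext = appended_extension(a, b)
        if ext:
            per_pid[pid][ext.lower()] += 1
    hits = {}
    for pid, exts in per_pid.items():
        total = sum(exts.values())
        if total >= threshold:
            hits[pid] = (total, exts.most_common(1)[0][0])
    return hits


# (signature name, key regex, required value name or None). HKCU CLSID keys are
# matched for COM hijacking because a per-user InprocServer32 shadows HKLM.
PERSISTENCE_RULES = [
    ("Adds Run key to start application",
     re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I), None),
    ("Event Triggered Execution: Image File Execution Options Injection",
     re.compile(r"\\Image File Execution Options\\[^\\]+$", re.I), "Debugger"),
    ("Event Triggered Execution: Component Object Model Hijacking",
     re.compile(r"^HKCU\\Software\\Classes\\CLSID\\\{[0-9A-F-]{36}\}\\InprocServer32$", re.I), None),
    ("Installs/modifies Browser Helper Object",
     re.compile(r"\\Explorer\\Browser Helper Objects\\\{[0-9A-F-]{36}\}$", re.I), None),
]


def persistence_signatures(events):
    """Map registry writes to the report's persistence signatures.
    Returns {signature name: sorted list of pids that triggered it}."""
    hits = defaultdict(set)
    for kind, pid, key, value in events:
        if kind != "regset":
            continue
        for name, key_re, required_value in PERSISTENCE_RULES:
            if key_re.search(key) and (required_value is None or value.lower() == required_value.lower()):
                hits[name].add(pid)
    return {name: sorted(pids) for name, pids in hits.items()}


if __name__ == "__main__":
    for pid, (n, ext) in rename_bursts(SAMPLE_EVENTS).items():
        print(f"pid {pid}: renamed {n} files with added extension {ext} (ransomware-like)")
    for sig, pids in persistence_signatures(SAMPLE_EVENTS).items():
        print(f"{sig}: pids {pids}")
```

The rename heuristic deliberately requires the new name to be the old name plus a suffix in the same directory, so ordinary saves and moves (pid 5678 above) do not count; a real sandbox would also weigh the number of distinct directories and drives touched, which is why the report pairs this signature with "Enumerates connected drives".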

MITRE ATT&CK Enterprise v15

Tasks