General

  • Target

    6f5989fb7ce45c92478e8979e8feeda5_JaffaCakes118

  • Size

    33KB

  • Sample

    241023-rlgbeawepn

  • MD5

    6f5989fb7ce45c92478e8979e8feeda5

  • SHA1

    a4d9437c8bc3d52a7e35a2ac70ef6909f5397bbd

  • SHA256

    f8ebf62de3db50c0839052b350d9aad2df166b14827e20e5b96f2032201d875d

  • SHA512

    c39bc4c927c71de1ae0b5bc15f76d3de5c0438550bd5479156d269e44bcc2d6a1aee04c484b77e0c4f8492c288c5ca59b3c1db7c33f6408f66e4d8bd815e5147

  • SSDEEP

    384:mebFNw4Pk1itKkpAjjI2YpdmLySX0rVIDOqVEb7ja7RPd/5+2ho13cU0kc8T+pf:m0FmBkpKjPYp+XhOqO7oPdB7hg34d

Targets

    • Renames multiple (2191) files with added filename extension

      This suggests ransomware activity: the sample encrypts files across the system and appends an extension to each renamed file.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Adds Run key to start application

    • Drops file in System32 directory
