General

  • Target

    815566cfa896c06cff241371523c4acd_JaffaCakes118

  • Size

    10.1MB

  • Sample

    241031-dg9khaycrp

  • MD5

    815566cfa896c06cff241371523c4acd

  • SHA1

    a0d3e1319f3790fea994396a5701b1b1b3c31239

  • SHA256

    67cc8e079c9f46aaa2c174288ca62ff8c2b790fd4168f816be736ef972a45816

  • SHA512

    1c34bdc22dbc21a1501940c5171128a6f77e66fb78aebf5ec3fd9c0316bc07ede9d0b7989fdfd58278c910f74d5acac2d0f3e7f1ed0cc483c94c0eca78bfc70b

  • SSDEEP

    196608:cmbZsMDGwfXB1MuUEMP4gGgeBGDF+KSwstsNOxsx54GTv3piOMHrIppUrqbr/WLc:jbXSwfoEMP4AeBKF+KSwstfxBsd1qvQx

Malware Config

Targets

    • Target

      815566cfa896c06cff241371523c4acd_JaffaCakes118

    • Size

      10.1MB

    • MD5

      815566cfa896c06cff241371523c4acd

    • SHA1

      a0d3e1319f3790fea994396a5701b1b1b3c31239

    • SHA256

      67cc8e079c9f46aaa2c174288ca62ff8c2b790fd4168f816be736ef972a45816

    • SHA512

      1c34bdc22dbc21a1501940c5171128a6f77e66fb78aebf5ec3fd9c0316bc07ede9d0b7989fdfd58278c910f74d5acac2d0f3e7f1ed0cc483c94c0eca78bfc70b

    • SSDEEP

      196608:cmbZsMDGwfXB1MuUEMP4gGgeBGDF+KSwstsNOxsx54GTv3piOMHrIppUrqbr/WLc:jbXSwfoEMP4AeBKF+KSwstfxBsd1qvQx

    • Checks computer location settings

      Reads the country code configured in the registry (the user's geographic location setting). This is a common geofencing check: the malware can bail out or change behaviour when it lands in a country the operators want to avoid.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read browser profile data, which can include saved credentials, cookies and autofill entries.

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Legitimate hosting services abused for malware hosting/C2
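
The three host-side behaviours above (registry country lookup, browser profile access, file deletion) can be turned into detection rules and replayed over process-activity events. The following is an added example, not code from the sandbox or from the report; it assumes a CSV export in Process Monitor's column layout (Time, Process Name, Operation, Path, Result), the event lines are constructed for illustration rather than taken from this analysis, and "sample.exe" is a hypothetical process name standing in for the analysed file.

```python
"""Added example (not part of the sandbox report): detection rules for the
registry country lookup, browser credential-store access and file deletion
behaviours, run over Process Monitor-style CSV events."""
import csv
import io
import re
from dataclasses import dataclass

# Constructed events, not taken from the report. 'sample.exe' is hypothetical.
SAMPLE_EVENTS = """\
Time,Process Name,Operation,Path,Result
10:00:01.000,sample.exe,RegQueryValue,HKCU\\Control Panel\\International\\Geo\\Nation,SUCCESS
10:00:01.010,sample.exe,RegQueryValue,HKCU\\Control Panel\\International\\Locale,SUCCESS
10:00:02.000,sample.exe,CreateFile,C:\\Users\\u\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data,SUCCESS
10:00:02.050,sample.exe,CreateFile,C:\\Users\\u\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\abc.default\\logins.json,SUCCESS
10:00:03.000,chrome.exe,CreateFile,C:\\Users\\u\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data,SUCCESS
10:00:04.000,sample.exe,CreateFile,C:\\Users\\u\\AppData\\Local\\Temp\\helper.dll,SUCCESS
10:00:04.500,sample.exe,SetDispositionInformationFile,C:\\Users\\u\\AppData\\Local\\Temp\\helper.dll,SUCCESS
10:00:05.000,sample.exe,SetDispositionInformationFile,C:\\Users\\u\\AppData\\Local\\Temp\\sample.exe,SUCCESS
10:00:06.000,explorer.exe,SetDispositionInformationFile,C:\\Users\\u\\Desktop\\notes.txt,SUCCESS
"""

# Processes that legitimately open their own profile stores.
BROWSER_PROCESSES = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe", "opera.exe"}

# Credential and cookie stores of Chromium-based and Firefox-based browsers.
BROWSER_STORE_RE = re.compile(
    r"\\(Login Data|Web Data|Cookies|Local State|logins\.json|key4\.db|cookies\.sqlite)$",
    re.IGNORECASE,
)

# The registry value behind the 'Checks computer location settings' signature:
# a Windows GEOID (for example 244 = United States, 203 = Russia) that malware
# reads to decide whether to run at all.
GEO_VALUE_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.IGNORECASE)

# Process Monitor reports deletions as disposition changes on the file.
DELETE_OPS = {"SetDispositionInformationFile", "SetDispositionInformationEx"}
DROPPED_SUFFIXES = (".exe", ".dll")


@dataclass(frozen=True)
class Alert:
    rule: str
    process: str
    path: str


def detect(csv_text: str) -> list[Alert]:
    """Apply the rules to a Procmon-style CSV and return the hits in event order."""
    alerts: list[Alert] = []
    dropped: dict[str, set[str]] = {}  # process -> executables it created earlier

    for row in csv.DictReader(io.StringIO(csv_text)):
        proc = row["Process Name"].lower()
        op = row["Operation"]
        path = row["Path"]
        lpath = path.lower()

        if op == "RegQueryValue" and GEO_VALUE_RE.search(path):
            alerts.append(Alert("geofence_country_lookup", proc, path))
        elif op == "CreateFile":
            # Browsers opening their own stores are expected; anything else is not.
            if BROWSER_STORE_RE.search(path) and proc not in BROWSER_PROCESSES:
                alerts.append(Alert("browser_store_access", proc, path))
            elif lpath.endswith(DROPPED_SUFFIXES):
                dropped.setdefault(proc, set()).add(lpath)
        elif op in DELETE_OPS:
            # Indicator removal: deleting its own image, or an executable it dropped.
            if lpath.endswith("\\" + proc):
                alerts.append(Alert("self_delete", proc, path))
            elif lpath in dropped.get(proc, set()):
                alerts.append(Alert("dropped_file_cleanup", proc, path))
    return alerts


def summarize(alerts: list[Alert]) -> dict[str, int]:
    """Count hits per rule, handy for a quick triage verdict."""
    counts: dict[str, int] = {}
    for alert in alerts:
        counts[alert.rule] = counts.get(alert.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(f"{alert.rule:24} {alert.process:14} {alert.path}")
```

The deletion rule deliberately keys on the process's own image and on executables the same process created earlier in the trace, rather than on every delete, so that ordinary user activity (the explorer.exe line) stays quiet; correlating against the "Executes dropped EXE" and "Loads dropped DLL" events from the same run is what makes the cleanup hit meaningful.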

MITRE ATT&CK Enterprise v15

Tasks