General

  • Target

    8aa695771695fcb2debf32be36342fbc_JaffaCakes118

  • Size

    29KB

  • Sample

    241103-kyx2cszglh

  • MD5

    8aa695771695fcb2debf32be36342fbc

  • SHA1

    dc90c5bb99de71190ae5623032ba871ec81e788d

  • SHA256

    ec4e0441e96950e7f5b64860b1ec33b2ee544fe0779d34ea4414fb0e780884dc

  • SHA512

    df878a074fe23c37c5b8f309a698f54fb2197f3559b042361ab424cda4a6f88bd239fcc8c6775394f0caf71f341c73cd795ab0e50e6fe582f0c46f06e54171b3

  • SSDEEP

    384:eebFNw4Pk1itKkpAjjI2YpdmZ+9saOxj8uO9GtWkA5WuHVjR4VW:e0FmBkpKjPYppOl8uBtWkA9iW
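Before relying on this report, confirm that the file you have is the same 29KB sample: compute the four exact digests listed above and compare them against the report's values. The following is an added example, not tooling from the sandbox that produced the page; it uses only the Python standard library and leaves SSDEEP out, since that is a fuzzy comparison that needs the external ssdeep library. The report's digests are embedded as constants; the `b"abc"` input in the usage is constructed test data.

```python
"""Check a file on disk against the digests published in a sandbox report."""
import hashlib
import io

CHUNK = 1 << 20                       # read 1 MiB at a time so large files stay cheap
ALGOS = ("md5", "sha1", "sha256", "sha512")

# Digests copied from the report's General section (SSDEEP deliberately omitted).
REPORT = {
    "md5": "8aa695771695fcb2debf32be36342fbc",
    "sha1": "dc90c5bb99de71190ae5623032ba871ec81e788d",
    "sha256": "ec4e0441e96950e7f5b64860b1ec33b2ee544fe0779d34ea4414fb0e780884dc",
    "sha512": "df878a074fe23c37c5b8f309a698f54fb2197f3559b042361ab424cda4a6f88b"
              "d239fcc8c6775394f0caf71f341c73cd795ab0e50e6fe582f0c46f06e54171b3",
}


def digest_stream(fp):
    """Feed one pass over a binary stream into all four hashes at once."""
    hashes = {a: getattr(hashlib, a)() for a in ALGOS}
    for chunk in iter(lambda: fp.read(CHUNK), b""):
        for h in hashes.values():
            h.update(chunk)
    return {a: h.hexdigest() for a, h in hashes.items()}


def digest_bytes(data):
    """Digest an in-memory byte string (handy for tests and small blobs)."""
    return digest_stream(io.BytesIO(data))


def digest_file(path):
    """Digest a file on disk without loading it whole into memory."""
    with open(path, "rb") as fp:
        return digest_stream(fp)


def mismatches(actual, expected=REPORT):
    """Return {algo: (expected, actual)} for every algorithm that disagrees.

    Comparison is case-insensitive. An empty dict means every published digest
    matches, so the file in hand is the one the report describes.
    """
    return {
        a: (expected[a], actual[a])
        for a in expected
        if a in actual and actual[a].lower() != expected[a].lower()
    }


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    digests = digest_file(path) if path else digest_bytes(b"abc")   # b"abc": constructed stand-in
    bad = mismatches(digests)
    print("MATCH" if not bad else "MISMATCH on: " + ", ".join(sorted(bad)))
```

Run it as `python check_hashes.py <sample>`; with no argument it hashes a constructed stand-in and, as expected, reports a mismatch on every algorithm. A mismatch on only one algorithm would point at a copy error in the report rather than at a different file, since a single file cannot differ under one hash and agree under the other three.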

Malware Config

Targets

    • Target

      8aa695771695fcb2debf32be36342fbc_JaffaCakes118


    • Renames multiple (2219) files with added filename extension

      Renaming a large number of files by appending an extension is characteristic of ransomware encrypting the files on the system. The rename alone is a heuristic: confirm that the renamed files' contents were actually overwritten before treating this as encryption.

    • Drops file in Drivers directory

      Writing into the system drivers directory requires elevated privileges and is unusual for ordinary user software.

    • Drops startup file

      A file placed in a Startup folder is launched at logon, a common persistence mechanism.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.

    • Adds Run key to start application

      A value under a CurrentVersion\Run registry key launches the referenced program at logon, another persistence mechanism.

    • Drops file in System32 directory

      Like the Drivers directory, System32 is writable only with administrative rights; any file dropped there is a candidate for further analysis.
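The signatures above are heuristics over the events the sandbox recorded: file renames, file writes and reads, and registry writes. The following is an added example, not the sandbox's own rules, that re-implements those heuristics over a constructed event log so a responder can apply the same checks to their own EDR or sandbox output. The registry and path patterns, the rename threshold and the browser-profile filenames are my assumptions; the event records in `sample_events` are constructed, not taken from the report.

```python
"""Re-derive the report's behaviour signatures from a constructed event log."""
import re
from collections import Counter

# Assumed locations behind each signature (all case-insensitive).
RUN_KEY = re.compile(r"\\software\\microsoft\\windows\\currentversion\\run(once)?$", re.I)
STARTUP_DIR = re.compile(r"\\start menu\\programs\\startup\\", re.I)
SYSTEM32_DIR = re.compile(r"^[a-z]:\\windows\\system32\\", re.I)
DRIVERS_DIR = re.compile(r"^[a-z]:\\windows\\system32\\drivers\\", re.I)
# Chromium (Login Data, Web Data, Cookies) and Firefox (logins.json, key4.db, ...) stores.
BROWSER_DATA = re.compile(
    r"\\(Login Data|Web Data|Cookies|logins\.json|key4\.db|cookies\.sqlite|places\.sqlite)$", re.I)


def added_extension(old, new):
    """Return the extension appended to `old` to get `new`, or None if the
    rename changed anything other than adding a single trailing extension."""
    if new.startswith(old) and len(new) > len(old) + 1 and new[len(old)] == ".":
        ext = new[len(old) + 1:]
        if "\\" not in ext and "." not in ext:
            return ext.lower()
    return None


def mass_rename(events, threshold=100):
    """Count renames that only append an extension (ransomware-style).
    Returns (flagged, count, most_common_extension)."""
    exts = Counter()
    for ev in events:
        if ev["op"] == "rename":
            ext = added_extension(ev["old"], ev["new"])
            if ext:
                exts[ext] += 1
    count = sum(exts.values())
    top = exts.most_common(1)[0][0] if exts else None
    return count >= threshold, count, top


def signatures(events, rename_threshold=100):
    """Map each signature from the report to the evidence found in `events`."""
    hits = {k: [] for k in ("run_key", "startup_file", "drivers_drop",
                            "system32_drop", "browser_data")}
    for ev in events:
        if ev["op"] == "regwrite" and RUN_KEY.search(ev["key"]):
            hits["run_key"].append((ev["key"], ev["value"]))
        elif ev["op"] == "write":
            path = ev["path"]
            if STARTUP_DIR.search(path):
                hits["startup_file"].append(path)
            if DRIVERS_DIR.search(path):          # drivers is inside System32,
                hits["drivers_drop"].append(path)  # so test the narrower one first
            elif SYSTEM32_DIR.search(path):
                hits["system32_drop"].append(path)
        elif ev["op"] == "read" and BROWSER_DATA.search(ev["path"]):
            hits["browser_data"].append(ev["path"])
    flagged, count, ext = mass_rename(events, rename_threshold)
    hits["mass_rename"] = {"flagged": flagged, "count": count, "extension": ext}
    return hits


def sample_events(n_renamed=150):
    """Constructed sandbox-style log (not from the report): a burst of
    extension-appending renames plus one event per remaining signature."""
    events = []
    for i in range(n_renamed):
        old = rf"C:\Users\victim\Documents\file{i}.docx"
        events.append({"op": "rename", "old": old, "new": old + ".locked"})
    events += [
        # benign rename: name changes entirely, so it must not count
        {"op": "rename", "old": r"C:\Users\victim\AppData\Local\Temp\~tmp1",
         "new": r"C:\Users\victim\AppData\Local\Temp\out.txt"},
        {"op": "regwrite", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
         "value": r"updater=C:\Users\victim\AppData\Roaming\svchost.exe"},
        {"op": "write", "path": r"C:\Users\victim\AppData\Roaming\Microsoft\Windows"
                                r"\Start Menu\Programs\Startup\note.lnk"},
        {"op": "write", "path": r"C:\Windows\System32\drivers\helper.sys"},
        {"op": "write", "path": r"C:\Windows\System32\helper.dll"},
        {"op": "read", "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
        {"op": "read", "path": r"C:\Users\victim\AppData\Roaming\Mozilla\Firefox\Profiles\abc.default\logins.json"},
    ]
    return events


if __name__ == "__main__":
    for name, evidence in signatures(sample_events()).items():
        print(f"{name}: {evidence}")
```

The rename check is deliberately strict: it only counts a rename where the new name is the old name plus one extension, which is the pattern the report's signature describes, and a renamed-on-save temp file does not trip it. Tune `rename_threshold` to the host; 2219 renames, as in this report, is far beyond anything a user does by hand.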

MITRE ATT&CK Enterprise v15

Tasks