General

  • Target

    a47562ddb085ab39b821c1d8ab078edf_JaffaCakes118

  • Size

    1.8MB

  • Sample

    241126-2ghc1ssrgy

  • MD5

    a47562ddb085ab39b821c1d8ab078edf

  • SHA1

    0d4e8e5549105ee8527c058dce6c390616ad14a3

  • SHA256

    f70006713d13499db25cb78e7831a300457f83248cc8a245de67b180c607713e

  • SHA512

    18b3ff273024fdd98f2eacc9825316a97ae9809d127ae4d16a6613a9093fa94804c736cdb4edef814ef76c92a2f8c5b640ce4d2b7b76e339fe581667189a29f7

  • SSDEEP

    24576:dnA1KgRYWHEvtd8LHhFJpxjMnA1KgRYWHEvtd8LHhFJpxjJ:m1K5ve1K5v

Malware Config

Targets

    • Target

      a47562ddb085ab39b821c1d8ab078edf_JaffaCakes118

    • Size

      1.8MB

    • MD5

      a47562ddb085ab39b821c1d8ab078edf

    • SHA1

      0d4e8e5549105ee8527c058dce6c390616ad14a3

    • SHA256

      f70006713d13499db25cb78e7831a300457f83248cc8a245de67b180c607713e

    • SHA512

      18b3ff273024fdd98f2eacc9825316a97ae9809d127ae4d16a6613a9093fa94804c736cdb4edef814ef76c92a2f8c5b640ce4d2b7b76e339fe581667189a29f7

    • SSDEEP

      24576:dnA1KgRYWHEvtd8LHhFJpxjMnA1KgRYWHEvtd8LHhFJpxjJ:m1K5ve1K5v

    • LockFile

      LockFile is a new ransomware that emerged in July 2021 with ProxyShell vulnerabilties.

    • Lockfile family

    • Renames multiple (1109) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15

Tasks