General

  • Target

    a5bb17cadea141d0c25951bcecdf3f0c_JaffaCakes118

  • Size

    12KB

  • Sample

    241127-eafjhsskcr

  • MD5

    a5bb17cadea141d0c25951bcecdf3f0c

  • SHA1

    43d2f488c633a044614eec79fd9dc9ee2161e141

  • SHA256

    9ab037a91607b907890c8086e7bb5812532ec8a6d334e802ffb6f8623927a1f8

  • SHA512

    432722f190d25876ac9fcdaf88b61870585923263829d0f1e45904a3a29ac07d8a49ce1bb35dee7b2a9a801ee804a7c96196bfedcd8834749b59548079dbfc07

  • SSDEEP

    192:e/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRMtoMD:eebFNw4Pk1itKkpAjjI2YpdmtZD

Malware Config

Targets

    • Renames multiple (2164) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks