General

  • Target

    a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118

  • Size

    13KB

  • Sample

    241127-hfcatsyner

  • MD5

    a6705bc754bbb1c3c3600d6e4d297e6e

  • SHA1

    d5818abb0278a33fd1256396793868686bc48ef7

  • SHA256

    fa515d064b0ffbea92bfb205f08d942b634146051d58403ef67911ede3192f36

  • SHA512

    e00ae3d4e7125e4919b375f66f9e42af783ad62970dce452bd67d786ddfe5717dcdbb95cd9c9a52534b7b417ec9788e8bcadbd9d5525ac96f75ff4dce25933ae

  • SSDEEP

    192:q/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRMMBSZCpxrX:qebFNw4Pk1itKkpAjjI2YpdmMBS8xrX

Malware Config

Targets

    • Target

      a6705bc754bbb1c3c3600d6e4d297e6e_JaffaCakes118

    • Renames multiple (2161) files with added filename extension

      This suggests ransomware activity: the sample is encrypting files across the system and appending an extension to each.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks