General

  • Target

    a67103a77e52ef48f74beafffa7684e3_JaffaCakes118

  • Size

    12KB

  • Sample

    241127-hfnzmaskes

  • MD5

    a67103a77e52ef48f74beafffa7684e3

  • SHA1

    81486fd7018486d5bd7106d0677e1ef0c199d834

  • SHA256

    4520276c85f64eb9c98d58cfeecb702a468aae19180f0f35d9705a996f5414df

  • SHA512

    175803052ce0ea9b3ba16cea2b285c30c1a5450f2e95f855a7f9238e978be11b5965c2caaf628fd2b20d5f67ffa46237aac6de364a90ae5a3772c697b7891e5c

  • SSDEEP

    192:e/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRMCVEN:eebFNw4Pk1itKkpAjjI2YpdmC

Targets

    • Renames multiple (2214) files with added filename extension

      This suggests ransomware activity: the sample is encrypting files across the system and appending an extension to each.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory
