General

  • Target

    JaffaCakes118_20b25d84bc8260cdcee4b021fc9d088c

  • Size

    15.9MB

  • Sample

    250106-nhasnsvndv

  • MD5

    20b25d84bc8260cdcee4b021fc9d088c

  • SHA1

    dba463f03708ac207278cd0ef7d74c92341ef3be

  • SHA256

    5c2ded66c9452369aad8feb9dbd3336f1beee4fc7cc0c7db73b6c0829964bfb4

  • SHA512

    4da0a261fbf47ed1a27909d5c5239b3a0ed99b3fd41d842e19b84a0b9dd5b07899d7413de42c6b49cb507e098fb31931d5f7b1705fafc8f63496ec9fb3714243

  • SSDEEP

    393216:Sq9K51KDC7vq2RwuLOUYmWWXdMhiyYv4N16rrn:Sq9KjwuLOUYmWm4N12L

Targets

    • CryptOne packer

      Detects the CryptOne packer as described in the NCC Group blog post.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Adds Run key to start application
