General

  • Target

    JaffaCakes118_495d742ab27056662896ef61bb989623

  • Size

    15.8MB

  • Sample

    250107-dcz59s1jdz

  • MD5

    495d742ab27056662896ef61bb989623

  • SHA1

    89a3a8b429f4a1a35714a01f6a5689c803d89db8

  • SHA256

    3d848f80f2da725e4c55018c42d3de8d979ed8a50a80f866c8afb8e417388ecf

  • SHA512

    2dc2e8c9a02e6e46c6feaba106b88c574e7e9bd36c4dd8a45ed9826eaebb39101111152403bb20b3af9f54a3b23feac0f813954c7e41ab91ac248e5f9af25f08

  • SSDEEP

    393216:Sq9K51KDC7vq2RwuLOUYmWWXdMhiyYv4N16rru:Sq9KjwuLOUYmWm4N12y

Malware Config

Targets

    • CryptOne packer

      Detects the CryptOne packer as described in the NCC Group blog post.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser profile data, which can include saved credentials, cookies, and autofill entries.

    • Adds Run key to start application

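The signatures above are sandbox rules fired over the sample's runtime events. As an added illustration of how such rules work (this is not the report's or the sandbox's own rule code), the block below runs a small matcher over constructed event lines in an assumed `type|actor|target` format. The registry paths (`Control Panel\International\Geo\Nation` for the location lookup, `CurrentVersion\Run` for persistence) and the browser artifact names are standard Windows locations used here as assumptions; the report does not state which exact keys or files this sample touched.

```python
"""Toy signature matcher over constructed sandbox event lines.

Added example, not part of the report or any sandbox's rule set.
Event format, paths and file names below are assumptions.
"""
import re

# Constructed sample events, assumed format: type|actor|target.
# The drop, then execution and DLL load, then browser-data read and
# Run-key persistence mirror the behaviours the report lists.
SAMPLE_EVENTS = """\
regquery|sample.exe|HKCU\\Control Panel\\International\\Geo\\Nation
filewrite|sample.exe|C:\\Users\\victim\\AppData\\Local\\Temp\\upd.exe
filewrite|sample.exe|C:\\Users\\victim\\AppData\\Local\\Temp\\helper.dll
procstart|sample.exe|C:\\Users\\victim\\AppData\\Local\\Temp\\upd.exe
loadlib|upd.exe|C:\\Users\\victim\\AppData\\Local\\Temp\\helper.dll
fileread|upd.exe|C:\\Users\\victim\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data
regset|upd.exe|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater
fileread|upd.exe|C:\\Windows\\System32\\drivers\\etc\\hosts
"""

# Pattern-based rules: (signature name, event type, regex on target).
# Paths are assumed standard Windows locations, not taken from the report.
RULES = [
    ("Checks computer location settings", "regquery",
     re.compile(r"\\International\\Geo\\Nation$", re.I)),
    ("Adds Run key to start application", "regset",
     re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)),
    ("Reads user/profile data of web browsers", "fileread",
     re.compile(r"\\(Login Data|Cookies|Web Data|logins\.json|places\.sqlite)$", re.I)),
]


def parse_events(text):
    """Split the assumed type|actor|target lines into tuples, skipping blanks."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        kind, actor, target = line.split("|", 2)
        events.append((kind, actor, target))
    return events


def match_signatures(text):
    """Return {signature name: [matching targets]} for the given event text.

    Pattern rules match a single event. The two "dropped" rules are stateful:
    a process start or library load only counts when the path was written
    earlier in the trace, which is what distinguishes a dropped payload from
    a pre-existing system binary.
    """
    hits = {}
    dropped = set()
    for kind, actor, target in parse_events(text):
        if kind == "filewrite":
            dropped.add(target.lower())
            continue
        for name, want_kind, pattern in RULES:
            if kind == want_kind and pattern.search(target):
                hits.setdefault(name, []).append(target)
        if kind == "procstart" and target.lower() in dropped:
            hits.setdefault("Executes dropped EXE", []).append(target)
        if kind == "loadlib" and target.lower() in dropped:
            hits.setdefault("Loads dropped DLL", []).append(target)
    return hits


if __name__ == "__main__":
    for name, evidence in match_signatures(SAMPLE_EVENTS).items():
        print(name)
        for item in evidence:
            print("    ", item)
```

The stateful drop-tracking is the part worth copying into real tooling: matching on a path alone would also flag legitimate binaries, while requiring a prior write by the sample ties the execution to the dropper. The `hosts` read in the sample trace deliberately matches no rule, showing that the browser-data rule keys on specific profile artifacts rather than any file read.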
MITRE ATT&CK Enterprise v15

Tasks