General

  • Target

    JaffaCakes118_9339503bfbb68f6435a37e36057c137b

  • Size

    205KB

  • Sample

    250108-jdll6aznex

  • MD5

    9339503bfbb68f6435a37e36057c137b

  • SHA1

    fb8714dea5b2cb8884b079b2a32e4246630efa40

  • SHA256

    ed27064284abd999686d18a64681781876fbb716587f2e8ce70f862565dc4599

  • SHA512

    1d85151ad89ab85e20682ee7940f20d1ef6f63cc2dd53f744ddcaa603750e822722926b03834dc0bec24834b992bfd379122ff80b1f89826acbca719f7104aa5

  • SSDEEP

    6144:0V5X9iNrRFBVxk7M2+4D3Iyv1ChpFR0FVvrp9N:08rZVxk7J+1MgwVrx

Malware Config

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (53) files with added filename extension

      Renaming many files with an added extension is consistent with ransomware encrypting the files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely to geofence execution to or away from certain regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Adds Run key to start application

    • Drops file in System32 directory
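
The signature list above names behaviours but not how to recognise them in host telemetry. The Python below is an added example, not the sandbox's own detection logic: it maps a constructed stream of host-activity events (registry sets and reads, file creates and renames, process creates and image loads; the event schema is an assumption) onto the signatures in the report. The registry paths it keys on (Explorer\Advanced\HideFileExt, the CurrentVersion\Run keys, Control Panel\International\Geo\Nation) are the locations these behaviours normally touch and are my assumption of what the sandbox checks; the report itself does not name them. The UAC bypass and browser-data signatures are not modelled here. The sample events, including the 53 renames, are constructed and are not taken from the report.

```python
from collections import Counter
import ntpath

# Registry locations the checks below key on. These are assumptions about what the
# sandbox signatures usually correspond to; the report does not name the paths.
HIDE_EXT_KEY = "hkcu\\software\\microsoft\\windows\\currentversion\\explorer\\advanced"
RUN_KEYS = {
    "hkcu\\software\\microsoft\\windows\\currentversion\\run",
    "hklm\\software\\microsoft\\windows\\currentversion\\run",
}
GEO_KEY = "hkcu\\control panel\\international\\geo"
SYSTEM32 = "c:\\windows\\system32\\"


def added_extension(src, dst):
    """Return the extension appended to src to produce dst (e.g. 'locked' for
    a.docx -> a.docx.locked), or None if the rename is anything else."""
    src_dir, src_name = ntpath.split(src)
    dst_dir, dst_name = ntpath.split(dst)
    if src_dir.lower() != dst_dir.lower():
        return None
    prefix = src_name.lower() + "."
    if not dst_name.lower().startswith(prefix):
        return None
    ext = dst_name[len(prefix):]
    return ext or None


def analyze(events, rename_threshold=10):
    """Map a list of host-activity events onto the report's signatures.
    Returns {signature_name: evidence}. Each event dict carries a 'type' of
    reg_set, reg_read, file_create, file_rename, proc_create or image_load."""
    findings = {}
    dropped = set()          # paths this process wrote; used for "dropped EXE/DLL"
    ext_counter = Counter()  # extension -> number of files it was appended to
    for ev in events:
        kind = ev["type"]
        if kind == "reg_set":
            key, name = ev["key"].lower(), ev["name"].lower()
            if key == HIDE_EXT_KEY and name == "hidefileext" and ev["data"] == 1:
                findings["hide_file_extensions"] = ev["key"]
            elif key in RUN_KEYS:
                findings.setdefault("run_key_persistence", []).append(
                    (ev["name"], ev["data"]))
        elif kind == "reg_read":
            if ev["key"].lower() == GEO_KEY and ev["name"].lower() == "nation":
                findings["location_check"] = ev["key"] + "\\" + ev["name"]
        elif kind == "file_create":
            path = ev["path"].lower()
            dropped.add(path)
            if path.startswith(SYSTEM32):
                findings.setdefault("drops_in_system32", []).append(ev["path"])
        elif kind == "file_rename":
            ext = added_extension(ev["src"], ev["dst"])
            if ext:
                ext_counter[ext.lower()] += 1
        elif kind in ("proc_create", "image_load"):
            # Only flag execution/loading of files this process itself wrote earlier.
            if ev["path"].lower() in dropped:
                sig = "executes_dropped_exe" if kind == "proc_create" else "loads_dropped_dll"
                findings.setdefault(sig, []).append(ev["path"])
    for ext, n in ext_counter.items():
        if n >= rename_threshold:
            findings["mass_rename"] = {"extension": ext, "count": n}
    return findings


def constructed_events():
    """Constructed sample events for demonstration only; not taken from the report."""
    drop_exe = "C:\\Users\\victim\\AppData\\Roaming\\updater.exe"
    drop_dll = "C:\\Windows\\System32\\helper.dll"
    events = [
        {"type": "reg_set", "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced",
         "name": "HideFileExt", "data": 1},
        {"type": "reg_read", "key": "HKCU\\Control Panel\\International\\Geo", "name": "Nation"},
        {"type": "file_create", "path": drop_exe},
        {"type": "reg_set", "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
         "name": "updater", "data": drop_exe},
        {"type": "proc_create", "path": drop_exe},
        {"type": "file_create", "path": drop_dll},
        {"type": "image_load", "path": drop_dll},
        # An ordinary rename that changes the basename must not count as an added extension.
        {"type": "file_rename", "src": "C:\\Users\\victim\\notes.txt",
         "dst": "C:\\Users\\victim\\notes-old.txt"},
    ]
    for i in range(53):  # 53 matches the rename count the report attributes to the sample
        src = f"C:\\Users\\victim\\Documents\\file{i}.docx"
        events.append({"type": "file_rename", "src": src, "dst": src + ".locked"})
    return events


if __name__ == "__main__":
    for sig, evidence in analyze(constructed_events()).items():
        print(f"{sig}: {evidence}")
```

The rename rule counts files per appended extension rather than total renames, so a batch of ordinary renames does not trip it; the threshold is deliberately a parameter because the right value depends on how noisy the host is. The dropped-file rules only fire when the executed or loaded path was written by the same process earlier in the stream, which is the distinction that separates "executes dropped EXE" from running any executable.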

MITRE ATT&CK Enterprise v15

Tasks