General

  • Target

    JaffaCakes118_62f805c6e4a31a51772119fbca397f67

  • Size

    933KB

  • Sample

    250115-1vn72sxqdl

  • MD5

    62f805c6e4a31a51772119fbca397f67

  • SHA1

    bddd4c965f92d81250f0569239c5c57fec6e78f0

  • SHA256

    6724567c59b03fd42ecc08201aa7f4531411259ae7ddf7261b8595b07648d7a0

  • SHA512

    e7f0efca8146aeb3b2e3bf198086baa0c28c3d91143561d63974bce91072e770ab33b762b9168e59e77ac921fbb742e840997523e421bc335e727b50724160ad

  • SSDEEP

    24576:NNNdrId4ebFInuqVbLBSy9xsdre9bDY2UVbv5X+L:NOqVSyPDbD3cb

Targets

    • Target

      JaffaCakes118_62f805c6e4a31a51772119fbca397f67

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key under HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components. The StubPath command of such a component is executed at the next interactive logon of every user whose HKCU copy of that key is missing or carries a lower Version value, so a single machine-wide write yields per-user execution (ATT&CK T1547.014).

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read browser profile stores from the user's profile directory, which hold saved logins, cookies, autofill entries and browsing history.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system: the MBR boot code runs before the OS and its security controls are loaded. Raw writes to the first sector are also how wipers render a disk unbootable, so a disk-level check of sector 0 is warranted either way.
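
The check a responder would run for the Active Setup signature listed above, as an added example that is not part of the sandbox report: it applies the rule that a component's StubPath runs at next logon when the HKCU copy of its key is missing or has an older Version, and flags stubs that live in user-writable locations. The registry entries (GUIDs, paths, versions) are constructed for the demonstration; load_from_registry is a helper assumed here for use on a live Windows host and is not exercised offline.

```python
"""Find Active Setup components that will run at the next user logon.

Added example (not from the sandbox report). Windows executes the StubPath of
every component under HKLM\\SOFTWARE\\Microsoft\\Active Setup\\Installed
Components\\<GUID> whose per-user copy under HKCU\\...\\Installed Components\\
<GUID> is missing or carries a lower Version. The core logic works on plain
dicts so it runs offline against exported data; load_from_registry() is the
live-host loader (Windows only, assumption: native 64-bit view of the hive).
"""
import sys

ACTIVE_SETUP = r"SOFTWARE\Microsoft\Active Setup\Installed Components"

# Constructed sample data standing in for registry exports (not real entries).
SAMPLE_HKLM = {
    "{00000000-0000-0000-0000-000000000001}": {
        "StubPath": r"C:\Windows\System32\ie4uinit.exe -UserConfig",
        "Version": "11,0,1",
    },
    "{00000000-0000-0000-0000-000000000002}": {
        "StubPath": r"C:\Users\Public\svchost.exe",
        "Version": "1,0,0,0",
    },
    "{00000000-0000-0000-0000-000000000003}": {
        "StubPath": r"C:\Windows\System32\regsvr32.exe /s C:\ProgramData\x.dll",
        "Version": "2,0",
        "IsInstalled": 0,  # IsInstalled=0 disables the component
    },
}
SAMPLE_HKCU = {
    # Per-user copy exists but is older than the HKLM version -> stub re-runs.
    "{00000000-0000-0000-0000-000000000001}": {"Version": "11,0,0"},
}

# Substrings that mark a stub living outside the normal system locations.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")


def parse_version(value):
    """Active Setup versions are comma-separated integers such as '1,0,0,5'.
    A missing or malformed value becomes (0,), i.e. older than anything."""
    if not value:
        return (0,)
    parts = []
    for piece in str(value).replace(".", ",").split(","):
        piece = piece.strip()
        parts.append(int(piece) if piece.isdigit() else 0)
    return tuple(parts)


def pending_stubs(hklm, hkcu):
    """Return [(guid, stubpath, reason)] for components that execute at the
    next logon. hklm/hkcu map GUID -> dict of StubPath/Version/IsInstalled."""
    pending = []
    for guid, values in hklm.items():
        stub = values.get("StubPath")
        if not stub or values.get("IsInstalled", 1) == 0:
            continue
        user = hkcu.get(guid)
        if user is None:
            pending.append((guid, stub, "no per-user key"))
        elif parse_version(user.get("Version")) < parse_version(values.get("Version")):
            pending.append((guid, stub, "per-user version older"))
    return pending


def unusual_stub(stub):
    """True when the stub path points into a user-writable directory."""
    return any(marker in stub.lower() for marker in USER_WRITABLE)


def triage(hklm, hkcu):
    """Pending stubs annotated with the user-writable-location flag."""
    return [(g, s, r, unusual_stub(s)) for g, s, r in pending_stubs(hklm, hkcu)]


def load_from_registry(hive):
    """Read Installed Components from a live Windows host via winreg."""
    import winreg
    root = winreg.HKEY_LOCAL_MACHINE if hive == "HKLM" else winreg.HKEY_CURRENT_USER
    out = {}
    with winreg.OpenKey(root, ACTIVE_SETUP) as key:
        index = 0
        while True:
            try:
                guid = winreg.EnumKey(key, index)
            except OSError:
                break
            index += 1
            values = {}
            with winreg.OpenKey(key, guid) as sub:
                for name in ("StubPath", "Version", "IsInstalled"):
                    try:
                        values[name] = winreg.QueryValueEx(sub, name)[0]
                    except OSError:
                        pass
            out[guid] = values
    return out


if __name__ == "__main__":
    if sys.platform == "win32" and "--live" in sys.argv:
        hklm, hkcu = load_from_registry("HKLM"), load_from_registry("HKCU")
    else:
        hklm, hkcu = SAMPLE_HKLM, SAMPLE_HKCU
    for guid, stub, reason, odd in triage(hklm, hkcu):
        print(f"{'SUSPICIOUS' if odd else 'pending   '} {guid} ({reason}): {stub}")
```

On a 64-bit host the 32-bit components sit under SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components and need a second pass with that path; the live loader above only reads the native view.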

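For the MBR-write signature, the disk-side check a responder would make, as an added example that is not part of the report: parse the first sector of the disk and compare its bootstrap code with a hash taken from a known-good image, then confirm the signature and partition table still make sense. The baseline boot-code bytes and the partition entries are constructed for the demonstration; read_first_sector assumes an administrative session and the raw-device path given.

```python
"""Parse a 512-byte MBR and flag signs of tampering.

Added example, not from the sandbox report. Classic MBR layout: bytes 0-445
bootstrap code, 446-509 four 16-byte partition entries, 510-511 the 0x55AA
boot signature. A bootkit replaces the bootstrap code; a wiper usually zeroes
the whole sector. Comparing the bootstrap code against a hash from a clean
image of the same OS build is the practical test for either.
"""
import hashlib
import struct

SECTOR = 512
PT_OFFSET = 446          # partition table starts here
ENTRY = 16               # bytes per partition entry
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sectors


def parse_mbr(sector):
    """Return signature state, bootstrap-code hash and non-empty partitions."""
    if len(sector) != SECTOR:
        raise ValueError("expected a 512-byte sector")
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba_start, count = struct.unpack_from(
            ENTRY_FMT, sector, PT_OFFSET + i * ENTRY)
        if ptype == 0:
            continue  # empty slot
        partitions.append({"index": i, "bootable": status == 0x80,
                           "type": ptype, "lba_start": lba_start, "sectors": count})
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "bootcode_sha256": hashlib.sha256(sector[:PT_OFFSET]).hexdigest(),
        "partitions": partitions,
    }


def mbr_findings(sector, known_good_bootcode_sha256):
    """List of human-readable anomalies; empty means the sector matches baseline."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if info["bootcode_sha256"] != known_good_bootcode_sha256:
        findings.append("bootstrap code differs from baseline")
    bootable = [p for p in info["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} bootable partitions (expected 1)")
    return findings


def build_sector(bootcode, entries):
    """Constructed test sector: bootcode padded to 446 bytes, entries given as
    (status, type, lba_start, sectors) tuples, unused slots zeroed."""
    sector = bytearray(bootcode.ljust(PT_OFFSET, b"\x00")[:PT_OFFSET])
    used = entries[:4]
    for status, ptype, lba, count in used:
        sector += struct.pack(ENTRY_FMT, status, b"\x00" * 3, ptype, b"\x00" * 3, lba, count)
    sector += b"\x00" * (ENTRY * (4 - len(used)))
    sector += b"\x55\xaa"
    return bytes(sector)


def read_first_sector(path=r"\\.\PhysicalDrive0"):
    """Read the live MBR (assumption: Windows raw-device path, needs admin;
    use /dev/sda or similar on Linux)."""
    with open(path, "rb") as disk:
        return disk.read(SECTOR)


# Constructed baseline: a few plausible boot-code bytes then zero padding.
BASELINE_BOOTCODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c".ljust(PT_OFFSET, b"\x00")
BASELINE_SHA256 = hashlib.sha256(BASELINE_BOOTCODE).hexdigest()
PARTITIONS = [(0x80, 0x07, 2048, 1_000_000)]  # one bootable NTFS-type entry
CLEAN_SECTOR = build_sector(BASELINE_BOOTCODE, PARTITIONS)
TAMPERED_SECTOR = build_sector(b"\xeb\xfe" + b"\x90" * 444, PARTITIONS)
WIPED_SECTOR = b"\x00" * SECTOR


if __name__ == "__main__":
    for label, sector in (("clean", CLEAN_SECTOR), ("tampered", TAMPERED_SECTOR),
                          ("wiped", WIPED_SECTOR)):
        print(label, mbr_findings(sector, BASELINE_SHA256) or ["no findings"])
```

The baseline hash must come from the same OS build and boot manager as the host under review, since legitimate boot code differs between Windows versions and disk tools; on GPT disks the protective MBR will show a single 0xEE partition and the real check moves to the EFI System Partition.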
MITRE ATT&CK Enterprise v15
