General

  • Target

    JaffaCakes118_9a603e700c9246d1e4f3856baa68ce4d

  • Size

    652KB

  • Sample

    250401-vs627avpx8

  • MD5

    9a603e700c9246d1e4f3856baa68ce4d

  • SHA1

    16ab3308f3c5dc2ef6a8402674fa5c91ca7a476b

  • SHA256

    6a540832cac28b33c698e66fcbfeee868573c2a4fc50d5a70b8091d8b0739d13

  • SHA512

    2c9786ba2c983360dc85c5806322f046b944b610a51d55ac2c69a9cb70d5e708f9ff7147b1b378e5886632fed3cf65da2ac6a7971befd8b9eee84f98a494c734

  • SSDEEP

    12288:i0SlJmmF99W7CQV1POhmmp+ZGnTtmg3Fxx7JvdakTNacsvH:rJw9g7CQjcmi+QnTN3vJxdjpaD

Malware Config

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Drops Chrome extension

MITRE ATT&CK Enterprise v15

Tasks