General

  • Target

    JaffaCakes118_e3cd7eb725fefdf7139ca5dff48bbeda

  • Size

    20KB

  • Sample

    250503-mh61fa1tby

  • MD5

    e3cd7eb725fefdf7139ca5dff48bbeda

  • SHA1

    dc9579da87bf1531c4a23335a84c140445918978

  • SHA256

    23347fcd23f44c570256a9f6f58d0d4d8cd09e854bdf022fdb964d190af9b4ff

  • SHA512

    01dd77045ceb64f9cc026ef4aeb25dabac52ff8e5bcab00f482b0ecf602908caca4295f2f0881799171c0f1500e4aeaf7573d6a40039ca6b1e7b5258621ec189

  • SSDEEP

    384:PcJYF1B/I6ThmbWuKSqD3chGHN87x1Hxey:PjIChmPKBcNzHQy

Targets

    • Renames multiple (57) files with an added filename extension

      This suggests ransomware activity: encrypting files on the system and appending an extension to each renamed file.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks