General

  • Target

    JaffaCakes118_04381e43e5917d342937c103d00dcc70

  • Size

    476KB

  • Sample

    250515-d4rm7syq18

  • MD5

    04381e43e5917d342937c103d00dcc70

  • SHA1

    dd5287a12a6849265656afeacc7496b0a0f31de1

  • SHA256

    78a0fbeb2537c2efcde7d14c65212daaab5581129d307c8d1bf9928fd797d37e

  • SHA512

    077d7a09a8c9d2c7003a2fed41fc9dd7f6ac2b04568c374760a528de3eecc8da819b9838390f709545de354a0183a064bfe0aaded61bf719ec800543c527543b

  • SSDEEP

    12288:RE8rQsJ6+vrS/uph/Ay06z5nrESCVTQ8OSN3J/W9IQVYcTbxRYp8R7pNgVlrvrQ6:RvU5BGbAzSnISHSvrQLHe

Malware Config

Targets

    • Modifies visibility of file extensions in Explorer

    • Renames multiple (55) files with added filename extension

      This suggests ransomware activity: encrypting the files on the system and appending a new extension to each.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks