General

  • Target

    JaffaCakes118_043ccb594cc20fc4890c38f80089b2f0

  • Size

    989KB

  • Sample

    250515-eexctsfk3s

  • MD5

    043ccb594cc20fc4890c38f80089b2f0

  • SHA1

    7a3138ed8f5c8206fc90b00fcb41bab9dc285f96

  • SHA256

    0b41bf9ba01e29bd7637a1a5eb746d7b8d2567981c6474cf8c68f0e7f747370b

  • SHA512

    050d0882660d77781c4599dbf741ca97e701b9f1479628e08fbbc19661adccb70a8433b54a2888073cdd41ae9891e7da17920fa9d3df5c0b0d8ee5a662164547

  • SSDEEP

    24576:VVGBZ4WV3ENtudpfZT0F+mKxDq7JByLSe2Aola8+QZZZZZZZZZZZ68kdgH:VVGvStuJT0ecaF8+5rdg

Targets

    • Modifies WinLogon for persistence

    • Modifies visibility of file extensions in Explorer

    • Renames multiple (54) files with added filename extension

      Renaming many files with an appended extension is consistent with ransomware encrypting the files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory
