General

  • Target

    JaffaCakes118_049841237925c0ef64a76af8ffc65f00

  • Size

    792KB

  • Sample

    250515-nfx57afk7w

  • MD5

    049841237925c0ef64a76af8ffc65f00

  • SHA1

    22850bc693fa0261dd7d2029a902a8be67735f65

  • SHA256

    0dfe38f91847508ffd1f30235c26a01ce5eb7631a7b235ef6bcd77ecb540e09d

  • SHA512

    abb1e0b8ddcc568ee43d06d10e0732b35d49e8a201d0ce10f1736c1d2bd6b73259b1bffed020f55b459391943e951db9971d04a9739882bf51989622eb8a3d9b

  • SSDEEP

    12288:JhKKNYVFDHZ6fBqMR4sInxtHOK2Aq3iQqBA+TcUOEyMyMIgCx2nw6rYWgRdr0tUL:JQ+YzDwfLCL83EHTcd5M5IInwiYnr0S

Malware Config

Targets

    • Modifies visibility of file extensions in Explorer

    • Renames multiple (55) files with added filename extension

      This suggests ransomware activity: the files on the system are being encrypted and renamed.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks