General

  • Target

    JaffaCakes118_0499a822315aa338600ed39148c328f0

  • Size

    821KB

  • Sample

    250515-nmjalsfl5s

  • MD5

    0499a822315aa338600ed39148c328f0

  • SHA1

    93560e7166ba06ac0d65417ad0a03fe47205e416

  • SHA256

    36638741536265f94d088381075e2c5effb5a6f40c07ae54cb95c6c65dde1fe3

  • SHA512

    85e1ea2ad505cb9fa01b4bd45998f10d59cd64fd9a6af009f444063fea9ef2a1a47390123641ff9861adec8716bdaf75b6235f0cb5fa5b05be2f225112debe4d

  • SSDEEP

    24576:6x4oamOl0bKGnROGDkjehJtlsU2lE0PfK:6Oag01ROQkjehvWRl3fK

Malware Config

Targets

    • Target

      JaffaCakes118_0499a822315aa338600ed39148c328f0

    • Size

      821KB

    • MD5

      0499a822315aa338600ed39148c328f0

    • SHA1

      93560e7166ba06ac0d65417ad0a03fe47205e416

    • SHA256

      36638741536265f94d088381075e2c5effb5a6f40c07ae54cb95c6c65dde1fe3

    • SHA512

      85e1ea2ad505cb9fa01b4bd45998f10d59cd64fd9a6af009f444063fea9ef2a1a47390123641ff9861adec8716bdaf75b6235f0cb5fa5b05be2f225112debe4d

    • SSDEEP

      24576:6x4oamOl0bKGnROGDkjehJtlsU2lE0PfK:6Oag01ROQkjehvWRl3fK

    • Modifies WinLogon for persistence

    • Modifies visibility of file extensions in Explorer

    • Renames multiple (54) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks