General

  • Target

    JaffaCakes118_050dd2f1fb6b957f3affcaf916a0aac0

  • Size

    726KB

  • Sample

    250516-a8hdjscj71

  • MD5

    050dd2f1fb6b957f3affcaf916a0aac0

  • SHA1

    7802c6b7f1af094b956c5489571c6bdbdbbf25fd

  • SHA256

    c5b01e015b9ff97a94d5184ab168fcbe9d47313040a5ad42b9e3f4f1f33ee8d3

  • SHA512

    84afdc1db5ccf132ee7120b9796427301b187f8366c6ea8e80c210df0762c71f0df35cc9bbbfb67735443b39e2934f2b9946d33679296a1946db611f8f9b912f

  • SSDEEP

    12288:ceK8EWHnWko169Ja1QAEJ/3kctS////////LExfuOz/NCzWeI127CTOpnkqY:0yi6EQAEXtEExJeWp1rTOWL

Targets

    • Modifies WinLogon for persistence

    • Modifies visibility of file extensions in Explorer

    • Renames multiple (53) files with added filename extension

      This behaviour is consistent with ransomware encrypting the files on the system.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory
