General

  • Target

    JaffaCakes118_050ee889b6b0eb9cc09b37ef75233560

  • Size

    488KB

  • Sample

    250516-bbq5vsvlw7

  • MD5

    050ee889b6b0eb9cc09b37ef75233560

  • SHA1

    40c8ddf1b3369236fbae1ef4359c1f32899670e6

  • SHA256

    0f3c8fcc594f6d924b9de88c6d9e7a31c77e526576e508f4e1622a8eaa8afa13

  • SHA512

    b3cc0c4552b20eb3822248be7475eb790feececd2bd9bd5a8fa2dd638945fb4171e229d43c3bc7dcc3ec70a22e3c7a775a737659a1eaebf94068c3540c7a9b7c

  • SSDEEP

    12288:mAp7HufY10c50F5P3rzv1T3mV7HlLjsQAmWkhzBxamh+A3Eq:mAp7HufY1MV3rzvV3mPgQBWmzjaM+AV

Targets

    • Modifies visibility of file extensions in Explorer

    • Renames multiple (60) files with added filename extension

      This suggests ransomware activity: encrypting files across the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other secrets.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16