General

  • Target

    JaffaCakes118_069bcb8d4a8a3ed2701528f6a3a0c200

  • Size

    725KB

  • Sample

    250518-k5k1dahm5x

  • MD5

    069bcb8d4a8a3ed2701528f6a3a0c200

  • SHA1

    3cccb84c47c2e0d3fe04725035df0b5a95e7567a

  • SHA256

    8a7ecdae3d5816a02cbef79f0b568f2f43faac681f19f2c089494b013e0b63d2

  • SHA512

    17f7f285997c5bfa1737c5259250b4b6b5038d8ab49e3c3ad35892b506a8e93454eab490f734ca6b22e39ceb1e280762f34afe4abfa9d72e8257ce6d8af25b3a

  • SSDEEP

    12288:3wZ/iTS5T8rW6AxF9OwoDh7dSJgTZrkWXgK+4wxteW6gRDQ7:AZ/iTcT8rliF9oDhsygkWq7
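To confirm that a file obtained elsewhere is the sample this report describes, compute its digests and compare them with the values listed above. The following is an added example, not part of the report or of the sandbox's own tooling; it uses only Python's hashlib, so the SSDEEP value (a fuzzy hash that needs the separate ssdeep library) is not computed, and the constructed inputs in the usage are not the sample.

```python
import hashlib
import sys

# Digests of the sample exactly as listed in this report.
REPORTED = {
    "md5": "069bcb8d4a8a3ed2701528f6a3a0c200",
    "sha1": "3cccb84c47c2e0d3fe04725035df0b5a95e7567a",
    "sha256": "8a7ecdae3d5816a02cbef79f0b568f2f43faac681f19f2c089494b013e0b63d2",
    "sha512": (
        "17f7f285997c5bfa1737c5259250b4b6b5038d8ab49e3c3ad35892b506a8e934"
        "54eab490f734ca6b22e39ceb1e280762f34afe4abfa9d72e8257ce6d8af25b3a"
    ),
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def _new_hashes():
    return {name: hashlib.new(name) for name in ALGORITHMS}


def digest_bytes(data):
    """Return {algorithm: hex digest} for an in-memory buffer."""
    hashes = _new_hashes()
    for h in hashes.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashes.items()}


def digest_file(path, chunk_size=1 << 20):
    """Return {algorithm: hex digest} for a file, reading it in 1 MiB chunks
    so a large sample is hashed once for all four algorithms."""
    hashes = _new_hashes()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for h in hashes.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashes.items()}


def compare(actual, expected):
    """Per-algorithm match table; comparison is case-insensitive because
    reports print hex digests in either case."""
    return {name: actual.get(name, "").lower() == value.lower()
            for name, value in expected.items()}


def is_reported_sample(actual, expected=REPORTED):
    """True only when every digest in `expected` matches; a single mismatch
    means the file on disk is not the sample this report analysed."""
    return all(compare(actual, expected).values())


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-candidate-file>
    result = compare(digest_file(sys.argv[1]), REPORTED)
    for name, ok in result.items():
        print(f"{name:6} {'match' if ok else 'MISMATCH'}")
    sys.exit(0 if all(result.values()) else 1)
```

A mismatch on any one algorithm is enough to reject the candidate: a file that matches MD5 but not SHA256 is a different file, whatever the filename says. On FIPS-restricted Python builds hashlib.new("md5") may raise; drop "md5" from ALGORITHMS and from REPORTED there and rely on the SHA family.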

Targets

    • Target

      JaffaCakes118_069bcb8d4a8a3ed2701528f6a3a0c200

    • Modifies WinLogon for persistence

      The Winlogon Shell and Userinit values are executed at every interactive logon, so a payload appended to either one survives reboots without needing a service or scheduled task.

    • Modifies visibility of file extensions in Explorer

      With known extensions hidden, a file renamed to report.docx.enc is displayed as report.docx and a disguised executable looks like an ordinary document.

    • Renames multiple (57) files with added filename extension

      This suggests ransomware activity: the sample encrypts files on the system and appends an extension to each file it processes.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Adds Run key to start application

      An entry under the Run key launches the application each time the user logs on; together with the Winlogon change this gives the sample two independent persistence paths.

    • Drops file in System32 directory
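The signatures above are sandbox observations; on a suspected host the same indicators can be checked from a registry and filesystem snapshot. The following is an added example, not part of the report or of the sandbox's tooling. It runs the checks over a constructed snapshot: the Winlogon defaults and the HideFileExt semantics are Windows facts, but the registry values, the Run entries, the file names and the appended extension .enc are made up for illustration (the report does not name the extension this sample adds), and the trusted-directory heuristic and the 20-file threshold are assumptions of the example.

```python
from pathlib import PureWindowsPath

# Windows defaults for the Winlogon values this sample is reported to modify
# (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon).
WINLOGON_DEFAULTS = {
    "Shell": "explorer.exe",
    "Userinit": r"C:\Windows\system32\userinit.exe,",
}
# Extensions a user would expect to see on their own documents and media.
DOC_EXTENSIONS = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx",
                  ".pdf", ".txt", ".jpg", ".png"}
# Heuristic (assumption): autostart entries outside these roots deserve a look.
TRUSTED_ROOTS = (r"C:\Program Files", r"C:\Program Files (x86)", r"C:\Windows")


def check_winlogon(values):
    """Flag Shell/Userinit values that differ from the Windows defaults."""
    findings = []
    for name, default in WINLOGON_DEFAULTS.items():
        current = values.get(name)
        if current is not None and current.strip().lower() != default.lower():
            findings.append(f"Winlogon\\{name} modified: {current!r}")
    return findings


def check_hide_file_ext(advanced):
    """HKCU\\...\\Explorer\\Advanced\\HideFileExt = 1 hides known extensions."""
    if advanced.get("HideFileExt") == 1:
        return ["HideFileExt=1: Explorer hides known file extensions"]
    return []


def check_run_keys(run):
    """Flag Run-key commands whose executable lives outside the trusted roots."""
    findings = []
    roots = tuple(r.lower() for r in TRUSTED_ROOTS)
    for name, cmd in run.items():
        # Quoted path: take what is inside the quotes; otherwise the first token.
        exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]
        if not exe.lower().startswith(roots):
            findings.append(f"Run\\{name} starts {exe} from an untrusted location")
    return findings


def count_appended_extension_files(paths):
    """Count files whose document extension is followed by one more
    extension, e.g. report.docx.enc (the pattern behind the 57-file signature)."""
    count = 0
    for p in paths:
        suffixes = [s.lower() for s in PureWindowsPath(p).suffixes]
        if len(suffixes) >= 2 and suffixes[-2] in DOC_EXTENSIONS:
            count += 1
    return count


def triage(snapshot, renamed_threshold=20):
    """Run every check over one snapshot and return the list of findings."""
    findings = []
    findings += check_winlogon(snapshot.get("winlogon", {}))
    findings += check_hide_file_ext(snapshot.get("explorer_advanced", {}))
    findings += check_run_keys(snapshot.get("run", {}))
    renamed = count_appended_extension_files(snapshot.get("files", []))
    if renamed >= renamed_threshold:
        findings.append(f"{renamed} files carry an appended extension "
                        "(mass rename, possible encryption)")
    return findings


# Constructed snapshot for illustration; none of these values come from the report.
CONSTRUCTED_SNAPSHOT = {
    "winlogon": {
        "Shell": r"explorer.exe,C:\Users\alice\AppData\Roaming\payload.exe",
        "Userinit": r"C:\Windows\system32\userinit.exe,",
    },
    "explorer_advanced": {"HideFileExt": 1},
    "run": {
        "OneDrive": r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background',
        "Updater": r"C:\Users\alice\AppData\Roaming\updater.exe",
    },
    "files": [rf"C:\Users\alice\Documents\report{i}.docx.enc" for i in range(57)]
             + [r"C:\Users\alice\Documents\todo.txt",
                r"C:\Users\alice.smith\Pictures\cat.jpg"],
}

if __name__ == "__main__":
    for line in triage(CONSTRUCTED_SNAPSHOT):
        print(line)
```

On a live host the snapshot dictionaries would be filled from the registry (for example with Get-ItemProperty in PowerShell or the winreg module) and the file list from a directory walk of user profiles; the checks themselves do not change. PureWindowsPath is used deliberately so the extension logic behaves the same when the snapshot is analysed on a non-Windows workstation.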
