General

  • Target

    JaffaCakes118_06c41e85097f144c821a9771d27fb670

  • Size

    571KB

  • Sample

    250518-wdngzaam81

  • MD5

    06c41e85097f144c821a9771d27fb670

  • SHA1

    e9e1484cdca52a8dce2e9e9b79fb3fd0d495a80b

  • SHA256

    1adf4bb1d95dd2940856ad2bec19385c068c8862e730e619dd8285e3b3e1a8ae

  • SHA512

    ccaec1fbd1555bd1383884bce09db1cb8ffe6615806938974b4c68f148ce908a935dc62770b1f102601265eaab413d6ade210c95d4e817f0e50294c47611d09e

  • SSDEEP

    12288:TeBvMCkZoB99IubEjai8BxF75cNAm1N4VTzdOGNkNiMaEAK:TIMRZoBjNiuIETzddkNiMaEAK

Targets

    • Modifies visibility of file extensions in Explorer

    • Renames multiple (56) files with added filename extension

      This suggests ransomware activity: the sample is encrypting files across the system and appending an extension to each.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check that avoids running in certain regions.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16