General

  • Target

    JaffaCakes118_070e6f3491e148a33aa0e43c41ada0d9

  • Size

    488KB

  • Sample

    250519-v1hpkacj8v

  • MD5

    070e6f3491e148a33aa0e43c41ada0d9

  • SHA1

    e5eac2955f92f131a3ad5212a225b8224d972122

  • SHA256

    56875043b1f4ac60ba2146c1df9188094b9f0b3358f26b80f7dae8324320bbb6

  • SHA512

    5c1b023d02cdf22701c4f3b1bd87aef44ef50d76706d31905fc94eed0f68f5b5ae57eaefce8163c2ec91cee0212ce73273e7c771bd146815e6d599fbd8c5fe70

  • SSDEEP

    12288:vl8TZlvIXWwIsNco0Ubag0kEC43/YN4eizlWkC74OIBL0Wer0n:vGtlgXXTN90xg0k03jQA

Malware Config

Targets

    • Target

      JaffaCakes118_070e6f3491e148a33aa0e43c41ada0d9

    • Modifies visibility of file extensions in Explorer

    • Renames multiple (89) files with added filename extension

      Mass renaming of files by appending a new extension is characteristic of ransomware encrypting the files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely to geofence execution.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser data such as saved credentials, cookies and autofill entries.

    • Adds Run key to start application

    • Drops file in System32 directory
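
The behaviours listed above map onto a handful of simple heuristics over a sandbox's event trace. The block below is an added example, not the sandbox's own rule logic and not derived from this sample: it runs those heuristics over a constructed event feed (the paths, registry values and the `.locked` extension are invented for illustration) and flags mass extension-append renames, the Explorer `HideFileExt` change, Run-key persistence, the registry geo lookup, browser profile reads, System32 writes and execution of a file the trace itself dropped.

```python
"""Heuristics for the behaviours listed in the report, run over a constructed
sandbox-style event feed. Added example; not the sandbox's own rule logic."""
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample events: (event_type, path_or_key, data). All paths and
# values are illustrative and are not taken from the analysed sample.
USER = r"C:\Users\victim"
DROPPED = USER + r"\AppData\Roaming\svc.exe"
EVENTS = [
    ("file_write", DROPPED, None),
    ("proc_create", DROPPED, None),
    ("reg_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt", "1"),
    ("reg_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater", DROPPED),
    ("reg_read", r"HKCU\Control Panel\International\Geo\Nation", None),
    ("file_write", r"C:\Windows\System32\drivers\helper.sys", None),
    ("file_read", USER + r"\AppData\Local\Google\Chrome\User Data\Default\Login Data", None),
    # An ordinary rename that swaps the extension: must NOT count as an append.
    ("file_rename", USER + r"\Documents\notes.txt", USER + r"\Documents\notes.bak"),
] + [
    ("file_rename", USER + rf"\Documents\doc{i}.docx", USER + rf"\Documents\doc{i}.docx.locked")
    for i in range(12)
]

RUN_KEY = re.compile(
    r"^HK(?:CU|LM)\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\", re.I)
# Credential/profile stores of common browsers (Chromium and Firefox file names).
BROWSER_FILES = {"login data", "web data", "cookies", "logins.json", "key4.db", "places.sqlite"}


def appended_extension_renames(events, threshold=10):
    """Count renames where the new name is the old name plus one more extension,
    i.e. the original extension is kept (x.docx -> x.docx.locked). Returns the
    dominant appended extension and its count once the count meets threshold."""
    appended = Counter()
    for kind, old, new in events:
        if kind != "file_rename" or not new:
            continue
        o, n = PureWindowsPath(old), PureWindowsPath(new)
        if n.parent == o.parent and n.stem.lower() == o.name.lower():
            appended[n.suffix.lower()] += 1
    if not appended:
        return None
    ext, count = appended.most_common(1)[0]
    return (ext, count) if count >= threshold else None


def explorer_hides_extensions(events):
    """True when Explorer's HideFileExt is set to 1, which hides the appended
    extension from the user."""
    return any(k == "reg_set" and key.lower().endswith(r"\advanced\hidefileext") and str(val) == "1"
               for k, key, val in events)


def run_key_entries(events):
    """Persistence: values written under HKCU/HKLM ...\\CurrentVersion\\Run or RunOnce."""
    return [(key.rsplit("\\", 1)[1], val) for k, key, val in events
            if k == "reg_set" and RUN_KEY.match(key)]


def checks_geo(events):
    """Registry read of the configured country code (the usual geofence check)."""
    return any(k == "reg_read" and key.lower().endswith(r"\international\geo\nation")
               for k, key, _ in events)


def browser_profile_reads(events):
    return [p for k, p, _ in events
            if k == "file_read" and PureWindowsPath(p).name.lower() in BROWSER_FILES]


def system32_writes(events):
    return [p for k, p, _ in events
            if k == "file_write" and p.lower().startswith("c:\\windows\\system32\\")]


def executes_dropped(events):
    """A process created from a path the trace itself wrote earlier."""
    written, hits = set(), []
    for k, p, _ in events:
        if k == "file_write":
            written.add(p.lower())
        elif k == "proc_create" and p.lower() in written:
            hits.append(p)
    return hits


def triage(events):
    return {
        "mass_extension_append": appended_extension_renames(events),
        "hides_extensions": explorer_hides_extensions(events),
        "run_keys": run_key_entries(events),
        "geo_check": checks_geo(events),
        "browser_reads": browser_profile_reads(events),
        "system32_drops": system32_writes(events),
        "executes_dropped": executes_dropped(events),
    }


if __name__ == "__main__":
    for name, finding in triage(EVENTS).items():
        print(f"{name}: {finding}")
```

The rename heuristic deliberately requires the original extension to survive as part of the new stem; a plain extension swap (`notes.txt` to `notes.bak`) does not count, which keeps ordinary backup or conversion tools from tripping the ransomware signature. The threshold of 10 is an assumption to tune against the volume of benign renames seen in a given environment.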

MITRE ATT&CK Enterprise v16

Tasks