General

  • Target: JaffaCakes118_0bfff52e62721aed7650a8b3369de786

  • Size: 541KB

  • Sample: 250529-3aa6sszns3

  • MD5: 0bfff52e62721aed7650a8b3369de786

  • SHA1: dababcb1006f83d82b026b55b35abd41298812bc

  • SHA256: 13be9791e9c15c49f59209e65b90257d65a9ec7e33e22aec17d4df103e270f4d

  • SHA512: fae8e6374f9c891e14d4987d8d30ef8f39275c3dd978e28124b36ee9ec5edc751d688def18f8498888158afedca05c8f1106da3f7853097b3b1c3e0899659f1c

  • SSDEEP: 12288:jdA6rQS/7mY5TtZnw4THHFzAzFELRoc92nP1hEWEFzrKGlVaB:d5mwbFHFzqFELRo5nPrEWEFzuGb4

Malware Config

Targets

    • Target: archive.scr

    • Size: 691KB

    • MD5: 0d257126a228f55bc43dac61a6d6feae

    • SHA1: 5689fd99543f2e45e29e7eb157c95adcccbb5281

    • SHA256: be2a681814d768bfe766c4ec37f79cf81e3827d71e340aec1f55623aea44cdc2

    • SHA512: 4ce32ae2a07c834f62fed94b9dbde0a8d25063969c8190ea6d09da5965673afdfcaa9637f4dd5afe26cddedaccc7ee911cda13e9ce8c532021e900712e62284d

    • SSDEEP: 12288:9XmwRo+mv8QD4+0N46C6dadcXiJ6djQqdqijrPrFs4x0hHKFrqtM:9X48QE+UE6dadcSJ6p0ArPJZx0pGMM

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v16

Tasks