General

  • Target

    JaffaCakes118_1c31f60d917028dd5e4cb93ba879ce72

  • Size

    254KB

  • Sample

    250704-p22k6sfp51

  • MD5

    1c31f60d917028dd5e4cb93ba879ce72

  • SHA1

    3459392e49a39ab7f33aceae163067afe53edfa7

  • SHA256

    579e182c97c318021942778e416247f095f631ba88974940161a5d1f4eb5c5b7

  • SHA512

    8553b72812a85f2d474a4922135328cba9f0e3ee7cf0e1473b966ab97168f157dc1d7656142257982f63222d16bbdbd212c2770c240232c40aecc69538a6f3f1

  • SSDEEP

    6144:/up89HJ98xIcEZMSu0u4IfAY9BnEjpeft:/Z4xAxuv4IN1EdWt

Malware Config

Targets

    • Modifies visibility of file extensions in Explorer

    • Renames multiple (88) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks