General

  • Target

    JaffaCakes118_1c3070110de9e28db50ad1f67d2b1553

  • Size

    205KB

  • Sample

    250704-pyvnfsfn6x

  • MD5

    1c3070110de9e28db50ad1f67d2b1553

  • SHA1

    360e8b3e5a8b13deb14af63bc90002d474fbe208

  • SHA256

    2e92e374888650628a4242fdfbad7877be054534e94e1e91515e69a9d046e515

  • SHA512

    8993a9c562bb25ad3e1b42bdf952bc67d81e869dad6362a134605829eb6a61eba981ec9f7c55233606c1d9658c424a3f4fe8cce56eac605368ff9a148a9aa7e0

  • SSDEEP

    3072:5qirRvKN/prLTL08ibI2eNH67pZh/zTTluohXK/+kLSZNVAVe0sd:EirRSrz08yI2GaTxTsoI/+kyGsd

Targets

    • Target

      JaffaCakes118_1c3070110de9e28db50ad1f67d2b1553

    • Modifies visibility of file extensions in Explorer

    • Renames multiple (90) files with an added filename extension

      This suggests ransomware activity: encrypting the files on the system and renaming them.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory