General

  • Target

    JaffaCakes118_1c60adefe547610d6184155e353602f0

  • Size

    445KB

  • Sample

    250704-t8x9jswtc1

  • MD5

    1c60adefe547610d6184155e353602f0

  • SHA1

    f999ad21a2a580f0182b69d5ded9c8b2196fcef2

  • SHA256

    0ad8589a3376fa9ff2347c54fffa58c680f62cfd3e6c377828bc69d2f8afc5cb

  • SHA512

    7a3be8ba42a900e1479cea84824d109185a90d9c0539a3594e2dbddd00c5b2fb42d359c4c40f6e93f06285887b896a61857af08e1c17f35e061db6d9ab614112

  • SSDEEP

    6144:b1aqZtXuT6rvpuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu+6kvJml5VzrvcfkSy:bIOcOv3VzzQ8LnrJ5r7PCNIZa8J

Malware Config

Targets

    • Modifies visibility of file extensions in Explorer

    • Renames multiple (57) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks