General

  • Target

    JaffaCakes118_1c6b72298fa546133df7ece994c09816

  • Size

    190KB

  • Sample

    250704-vtaqdabp8x

  • MD5

    1c6b72298fa546133df7ece994c09816

  • SHA1

    308fdbdacfed5bb78ebc1ad6f3bdbeec011df3ae

  • SHA256

    5cd4b780387673d99cf7bec25b0539cf9480d31a00f8c3a25a4608fc36de8f64

  • SHA512

    6a3aa8405fcaa97d110f0418f388263c598c28595c40f6d6a1a9848bde8c1fbaba756d2bacf68db337ef16ed6b729c8e7dc5238d4ec8eb91df798834ac528c41

  • SSDEEP

    3072:iDEaRLPxhkXZM15TEJPoRMc8n9llngPeVxOifYlG5LEzHx3gjmYWYit3y7:ijxhkZM1REWo9rnRIlHR3YgYqi7

Malware Config

Targets

    • Modifies visibility of file extensions in Explorer

    • Renames multiple (89) files with added filename extension

      This is consistent with ransomware activity that encrypts files across the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks