General
-
Target
e279b94a16a7339b67f596d36972b53e_JaffaCakes118
-
Size
62KB
-
Sample
240406-nyjqhsac35
-
MD5
e279b94a16a7339b67f596d36972b53e
-
SHA1
0cb7466452229dbe4cc4c7eaee0015caaaaf58c0
-
SHA256
a55de74765216e4695ca88b94be1d030646d746ca16957768a94d49aa244c905
-
SHA512
6ef836edcba7e2e7ef913d61510d5676222b934ba86c6cdcfc8e2016c08232658287cca0497399748a092a46f6cc3039e743b7883f72f8e20ff8a6a24892e0e8
-
SSDEEP
768:KKsMqCXfVcWpjDMLoiANIU0YdYLDwUzc80gmq3oP/oDJ:KKseVMLoiAP8r/0O8/od
Malware Config
Targets
-
-
Target
e279b94a16a7339b67f596d36972b53e_JaffaCakes118
-
Size
62KB
-
MD5
e279b94a16a7339b67f596d36972b53e
-
SHA1
0cb7466452229dbe4cc4c7eaee0015caaaaf58c0
-
SHA256
a55de74765216e4695ca88b94be1d030646d746ca16957768a94d49aa244c905
-
SHA512
6ef836edcba7e2e7ef913d61510d5676222b934ba86c6cdcfc8e2016c08232658287cca0497399748a092a46f6cc3039e743b7883f72f8e20ff8a6a24892e0e8
-
SSDEEP
768:KKsMqCXfVcWpjDMLoiANIU0YdYLDwUzc80gmq3oP/oDJ:KKseVMLoiAP8r/0O8/od
Score10/10-
Nitro
A ransomware that demands Discord nitro gift codes to decrypt files.
-
Renames multiple (67) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Sets desktop wallpaper using registry
-