General
-
Target
f4e2bab6cb056c8e644e4b8d4dac7cbf2b972d763f396a475e9fb539438de839_JaffaCakes118
-
Size
42KB
-
Sample
240417-dfghbsdd3t
-
MD5
5884482db6adca2b8476c395c66805e7
-
SHA1
4c5b8b834d7d9e8b1316a1b8d2e7b9024022d4ce
-
SHA256
f4e2bab6cb056c8e644e4b8d4dac7cbf2b972d763f396a475e9fb539438de839
-
SHA512
4e1007fb311c474217b8dfb810d04c2b188deadf56dcd81ee532a48abeb5fc29ff0eae7628cda5aa78f690f46c2370dfb3379e270ee03e83025f7a872f99e52d
-
SSDEEP
768:AO1oR/RVS1RzK4wbs+D/SIJX+ZZ1SQQwZuIOPzDsUky5DuGMKKz0YnW:AXS1FKnDtkuImNNxFKU
Behavioral task
behavioral1
Sample
f4e2bab6cb056c8e644e4b8d4dac7cbf2b972d763f396a475e9fb539438de839_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f4e2bab6cb056c8e644e4b8d4dac7cbf2b972d763f396a475e9fb539438de839_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\+README-WARNING+.txt
Targets
Target
f4e2bab6cb056c8e644e4b8d4dac7cbf2b972d763f396a475e9fb539438de839_JaffaCakes118
-
Score
10/10
-
Renames multiple (8319) files with added filename extension
This suggests ransomware activity: encrypting all the files on the system.
-
Deletes itself
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-