General
-
Target
fc140a218780fadbbcd7570fb7e6df3f_JaffaCakes118
-
Size
60KB
-
Sample
240420-gpleesah5t
-
MD5
fc140a218780fadbbcd7570fb7e6df3f
-
SHA1
96b6e8c81f4c9b2e338bd5be3b538d759b9cca2c
-
SHA256
1194aebc9a0016084f6966b07a171e4c62ce1b21580d177a876873641692ee13
-
SHA512
d4754d4efad60d145138d4056c18691f14de76a1d916c0b0a70fd180680ce010720c0bd101338b3c583176291549bda81a91b0a21410da0ea1dd65f651c04675
-
SSDEEP
768:ZOucKn7n1JFDNANIU+/ovLDwUzc80gmq3oP/oDt:ZO2FDNAPjr/0O8/op
Static task
static1
Behavioral task
behavioral1
Sample
fc140a218780fadbbcd7570fb7e6df3f_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
fc140a218780fadbbcd7570fb7e6df3f_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
Target
fc140a218780fadbbcd7570fb7e6df3f_JaffaCakes118
Score
10/10
-
Renames multiple (102) files with added filename extension
This suggests ransomware activity that encrypts all the files on the system.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Sets desktop wallpaper using registry
-