Overview

overview

10

Static

static

7

fc267f4dab...18.exe

windows7-x64

10

fc267f4dab...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fc267f4dab10ac37397f4438d22caeb0_JaffaCakes118

  • Size

    1.9MB

  • Sample

    240420-hc5szaag53

  • MD5

    fc267f4dab10ac37397f4438d22caeb0

  • SHA1

    c9b0d9667d6e53cfcfb65ed31d3b94aa2b2b707b

  • SHA256

    a6ea0e0de7fc78b373e23b56cebacbfc7e67596027a22a7eabaf86bf332c5873

  • SHA512

    a2cfbb3ce9189460f1f4a455f1edbdffaab3eead8e240626ec95b85e672e4fb4e6d4559af7ee1d03d5b84037dad749ca5bb8e3e47dd263d168e7c788435d7c76

  • SSDEEP

    6144:LiMmXRH6pXfSb0ceR/VFAHh1kgcs0HW1kyApHhP+gDzvRhGDur/CbfXJ:5MMpXKb0hNGh1kG0HWnALb

Score
10/10
aspackv2persistenceransomware

Malware Config

Targets

    • Target

      fc267f4dab10ac37397f4438d22caeb0_JaffaCakes118

    • Size

      1.9MB

    • MD5

      fc267f4dab10ac37397f4438d22caeb0

    • SHA1

      c9b0d9667d6e53cfcfb65ed31d3b94aa2b2b707b

    • SHA256

      a6ea0e0de7fc78b373e23b56cebacbfc7e67596027a22a7eabaf86bf332c5873

    • SHA512

      a2cfbb3ce9189460f1f4a455f1edbdffaab3eead8e240626ec95b85e672e4fb4e6d4559af7ee1d03d5b84037dad749ca5bb8e3e47dd263d168e7c788435d7c76

    • SSDEEP

      6144:LiMmXRH6pXfSb0ceR/VFAHh1kgcs0HW1kyApHhP+gDzvRhGDur/CbfXJ:5MMpXKb0hNGh1kG0HWnALb

    Score
    10/10
    aspackv2persistenceransomware

    • Modifies WinLogon for persistence

      persistence

    • Renames multiple (93) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

      aspackv2

    • Drops startup file

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Replication Through Removable Media

1
T1091

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Winlogon Helper DLL

1
T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Winlogon Helper DLL

1
T1547.004

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Lateral Movement

Replication Through Removable Media

1
T1091

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks