Overview

overview

8

Static

static

3

0053fd6b95...18.exe

windows7-x64

8

0053fd6b95...18.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0053fd6b95b31894d055449fc2bf8fb2_JaffaCakes118

  • Size

    2.8MB

  • Sample

    240426-jwnjgacc3s

  • MD5

    0053fd6b95b31894d055449fc2bf8fb2

  • SHA1

    6233c3f5db01cb5cd147855943f9a6de4e40b0e1

  • SHA256

    b9fee22aa22cbd6426df7cb81a23d483f631daccdc5b9283c8cf0b63428d2639

  • SHA512

    9ec630e4107c1d211d631f590dd9f3db9cf18b4566d0fe16a45be6b3718396d79a8444e41df40a56c5e3dc258ea428196d3435186772b5872b0944b19cf3f047

  • SSDEEP

    49152:bJeZyG4WKYcMG9Zi2YcMVYcMzsdd3bKkmYZk7x0Tha:9AyG4WK5LZi2545c0mYba

Score
8/10
persistenceransomware

Malware Config

Targets

    • Target

      0053fd6b95b31894d055449fc2bf8fb2_JaffaCakes118

    • Size

      2.8MB

    • MD5

      0053fd6b95b31894d055449fc2bf8fb2

    • SHA1

      6233c3f5db01cb5cd147855943f9a6de4e40b0e1

    • SHA256

      b9fee22aa22cbd6426df7cb81a23d483f631daccdc5b9283c8cf0b63428d2639

    • SHA512

      9ec630e4107c1d211d631f590dd9f3db9cf18b4566d0fe16a45be6b3718396d79a8444e41df40a56c5e3dc258ea428196d3435186772b5872b0944b19cf3f047

    • SSDEEP

      49152:bJeZyG4WKYcMG9Zi2YcMVYcMzsdd3bKkmYZk7x0Tha:9AyG4WK5LZi2545c0mYba

    Score
    8/10
    persistenceransomware

    • Drops file in Drivers directory

    • Adds Run key to start application

      persistence

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Defacement

1
T1491

Resource Development

Reconnaissance

Tasks