General
-
Target
011e2c40e77377c3ccaaeb88bf9c058d_JaffaCakes118
-
Size
270KB
-
Sample
240426-s8elrsfg2t
-
MD5
011e2c40e77377c3ccaaeb88bf9c058d
-
SHA1
4759bba0bb03ac91fe84a985ae31a5a11e0d8e0d
-
SHA256
46e25fd9b16ed17f12d92d6e4ece389b5c69706ff8088c14898b354ce64612e5
-
SHA512
53d144b923ebd6d02afc6ac8bc6fdeb748811f50edc7f46f172fc520090b3c91725afba43effd3354b90589e5f7586163453d692b03c31bc4adddcf25b15c4ca
-
SSDEEP
3072:hMjiE6gILPP+jPDxd8JiPZ1xUU3QZBNaX6krdZOl/bggSCGYXOlRTfpBaN2yvcGZ:1EvILHiPDxdbZ1x8gQ/bdktBakyPXL
Static task
static1
Behavioral task
behavioral1
Sample
011e2c40e77377c3ccaaeb88bf9c058d_JaffaCakes118.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
011e2c40e77377c3ccaaeb88bf9c058d_JaffaCakes118.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\MFKPEKYS-MANUAL.txt
gandcrab
http://gandcrabmfe6mnef.onion/67bdf846611e7c1
Extracted
F:\$RECYCLE.BIN\S-1-5-21-2818691465-3043947619-2475182763-1000\YFPGJCOAKX-MANUAL.txt
gandcrab
http://gandcrabmfe6mnef.onion/2eaa3b88854c2702
Targets
-
Target
011e2c40e77377c3ccaaeb88bf9c058d_JaffaCakes118
-
Size
270KB
-
MD5
011e2c40e77377c3ccaaeb88bf9c058d
-
SHA1
4759bba0bb03ac91fe84a985ae31a5a11e0d8e0d
-
SHA256
46e25fd9b16ed17f12d92d6e4ece389b5c69706ff8088c14898b354ce64612e5
-
SHA512
53d144b923ebd6d02afc6ac8bc6fdeb748811f50edc7f46f172fc520090b3c91725afba43effd3354b90589e5f7586163453d692b03c31bc4adddcf25b15c4ca
-
SSDEEP
3072:hMjiE6gILPP+jPDxd8JiPZ1xUU3QZBNaX6krdZOl/bggSCGYXOlRTfpBaN2yvcGZ:1EvILHiPDxdbZ1x8gQ/bdktBakyPXL
Score
10/10
-
Renames multiple (231) files with added filename extension
Bulk renaming of files with an appended extension suggests ransomware encrypting files across the system.
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check that decides whether the sample runs on this host's locale.
-
Drops startup file
-
Enumerates connected drives
Attempts to read the root path of drives other than the default C: drive, typically to find additional volumes to encrypt (the second extracted ransom note sits on F:\).
-
Sets desktop wallpaper using registry
-
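The following is an added triage example, not part of this sandbox report or of the sandbox's own signature engine. It replays the behavioral signatures listed above (renames with an added extension, location check, drive enumeration, startup file drop, wallpaper set via registry) over a constructed event log, and pulls indicators out of the two ransom-note paths and .onion URLs under Malware Config. Assumptions: the report shows signature names but not raw events, so the "op|path|detail" event layout is hypothetical; the locale lookup is modelled as a read of HKCU\Control Panel\International or HKLM\...\Control\Nls\Language, since the exact key is not on the page; and the ransom-note prefix (MFKPEKYS) is assumed to equal the extension appended to encrypted files, which follows GandCrab's usual <EXT>-MANUAL.txt naming but is not stated in the report.

```python
"""Added example: replay this report's ransomware signatures over a constructed
event log and extract indicators from the extracted GandCrab ransom notes.
Not part of the sandbox report; event layout and registry keys are assumptions."""
import re
from collections import Counter
from urllib.parse import urlsplit

# ---- constructed sample event log (assumed layout: op|path|detail) ----
_RENAMES = [
    f"MoveFile|C:\\Users\\Admin\\Documents\\doc{i}.docx|"
    f"C:\\Users\\Admin\\Documents\\doc{i}.docx.mfkpekys"
    for i in range(12)
]
SAMPLE_EVENTS = [
    "RegQueryValue|HKLM\\SYSTEM\\CurrentControlSet\\Control\\Nls\\Language\\InstallLanguage|0409",
    "FindFirstFile|D:\\|",
    "FindFirstFile|F:\\|",
    *_RENAMES,
    # ordinary move into a subfolder: must NOT count as an encrypt-and-rename
    "MoveFile|C:\\Users\\Admin\\Desktop\\notes.txt|C:\\Users\\Admin\\Desktop\\old\\notes.txt",
    "CreateFile|C:\\$Recycle.Bin\\S-1-5-21-2721934792-624042501-2768869379-1000\\MFKPEKYS-MANUAL.txt|",
    "CreateFile|C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\updater.lnk|",
    "RegSetValue|HKCU\\Control Panel\\Desktop\\Wallpaper|C:\\Users\\Admin\\AppData\\Local\\Temp\\wall.bmp",
]

# Ransom-note paths and URLs copied from the report's Malware Config section.
EXTRACTED_CONFIG = [
    (r"C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\MFKPEKYS-MANUAL.txt",
     "http://gandcrabmfe6mnef.onion/67bdf846611e7c1"),
    (r"F:\$RECYCLE.BIN\S-1-5-21-2818691465-3043947619-2475182763-1000\YFPGJCOAKX-MANUAL.txt",
     "http://gandcrabmfe6mnef.onion/2eaa3b88854c2702"),
]

# Registry key fragments assumed to back the "checks computer location settings" signature.
LOCALE_KEY_FRAGMENTS = (r"control panel\international", r"control\nls\language")
DRIVE_ROOT = re.compile(r"[A-Za-z]:\\")
NOTE_RE = re.compile(r"^[a-z]:\\\$recycle\.bin\\(s-1-5-21(?:-\d+){4})\\([a-z]+)-manual\.txt$", re.I)


def parse_events(lines):
    """Split 'op|path|detail' lines into (op, path, detail) tuples; missing fields become ''."""
    events = []
    for line in lines:
        if not line.strip():
            continue
        op, path, detail = (line.split("|", 2) + ["", ""])[:3]
        events.append((op, path, detail))
    return events


def added_extension(src, dst):
    """True when dst is exactly src plus one appended '.ext' (the encrypt-and-rename pattern)."""
    src, dst = src.lower(), dst.lower()
    return dst.startswith(src + ".") and len(dst) > len(src) + 1 and "\\" not in dst[len(src) + 1:]


def score_events(events, min_renames=10):
    """Map the report's signature names onto the event stream. min_renames is an assumed threshold."""
    hits = {}
    renames = [(p, d) for op, p, d in events if op == "MoveFile" and added_extension(p, d)]
    if renames:
        exts = Counter(d[len(p) + 1:].lower() for p, d in renames)
        hits["renames_with_added_extension"] = {
            "count": len(renames), "extensions": dict(exts), "bulk": len(renames) >= min_renames}
    if any(op.startswith("RegQuery") and any(k in p.lower() for k in LOCALE_KEY_FRAGMENTS)
           for op, p, _ in events):
        hits["checks_location_settings"] = True
    drives = sorted({p[0].upper() for op, p, _ in events
                     if op == "FindFirstFile" and DRIVE_ROOT.fullmatch(p) and p[0].upper() != "C"})
    if drives:
        hits["enumerates_connected_drives"] = drives
    if any(op == "CreateFile" and "\\start menu\\programs\\startup\\" in p.lower() for op, p, _ in events):
        hits["drops_startup_file"] = True
    if any(op == "RegSetValue" and p.lower().endswith(r"control panel\desktop\wallpaper")
           for op, p, _ in events):
        hits["sets_desktop_wallpaper"] = True
    return hits


def ransom_note_indicators(note_path, onion_url):
    """Pull SID, note name, appended extension and Tor host/path out of one extracted-config entry."""
    m = NOTE_RE.match(note_path)
    if not m:
        return None
    u = urlsplit(onion_url)
    return {
        "sid": m.group(1),
        "extension": m.group(2).lower(),   # assumed to equal the extension appended to victims' files
        "note": m.group(2) + "-MANUAL.txt",
        "onion_host": u.hostname,
        "url_path": u.path.lstrip("/"),    # per-victim token in the URL path (assumption)
        "is_tor": (u.hostname or "").endswith(".onion"),
    }


def note_matches_renames(note, hits):
    """Corroborate the note against the rename signature: same extension on both sides."""
    exts = hits.get("renames_with_added_extension", {}).get("extensions", {})
    return note is not None and note["extension"] in exts


if __name__ == "__main__":
    h = score_events(parse_events(SAMPLE_EVENTS))
    print(h)
    for path, url in EXTRACTED_CONFIG:
        n = ransom_note_indicators(path, url)
        print(n, "matches renames:", note_matches_renames(n, h))
```

Run it as-is to see the five signatures fire on the constructed log, and note that only the first extracted note (MFKPEKYS) corroborates the renames: the second note was dropped on F:\ under a different SID, so it would need its own rename events to be tied to the same run. The ordinary move into a subfolder is deliberately excluded by added_extension, which is the check that keeps a rename-count heuristic from firing on normal file management.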