General
-
Target
010b39cbb71ecaeb3229e25eb4f0e1d0_JaffaCakes118
-
Size
825KB
-
Sample
240426-sh7jvseb56
-
MD5
010b39cbb71ecaeb3229e25eb4f0e1d0
-
SHA1
5029fb94981e04e079204189533722bdac067d0a
-
SHA256
f2c9eded4b47b0476b18e74633b4959e5afbd1a2971079babd1d94379183f2f1
-
SHA512
cf8958a197d28c7b98c2de42bf48a2b360696760559b3e072034e686918635a841c26c4c7cbb3ef0298ead8d7d7bdf992340679e6fc2ba4ab6b05857e64a09dc
-
SSDEEP
6144:G82p4pFHfzMepymgWPnviP6Koa0nArn20l96tCF2eKNBDRlC8HQQDhy5OwbYBwNk:Qp4pNfz3ymJnJ8QCFkxCaQTOlObVLzQ
Malware Config
Targets
-
-
Target
010b39cbb71ecaeb3229e25eb4f0e1d0_JaffaCakes118
-
Size
825KB
-
MD5
010b39cbb71ecaeb3229e25eb4f0e1d0
-
SHA1
5029fb94981e04e079204189533722bdac067d0a
-
SHA256
f2c9eded4b47b0476b18e74633b4959e5afbd1a2971079babd1d94379183f2f1
-
SHA512
cf8958a197d28c7b98c2de42bf48a2b360696760559b3e072034e686918635a841c26c4c7cbb3ef0298ead8d7d7bdf992340679e6fc2ba4ab6b05857e64a09dc
-
SSDEEP
6144:G82p4pFHfzMepymgWPnviP6Koa0nArn20l96tCF2eKNBDRlC8HQQDhy5OwbYBwNk:Qp4pNfz3ymJnJ8QCFkxCaQTOlObVLzQ
Score10/10-
Modifies WinLogon for persistence
-
Renames multiple (91) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-