Resubmissions

26-04-2024 19:01

240426-xpejwaaa89 10

26-04-2024 19:00

240426-xnq7aaah9y 10

26-04-2024 18:24

240426-w1z5aaac81 10

General

  • Target

    016268eb5a31a62631682b24291855ba_JaffaCakes118

  • Size

    988KB

  • Sample

    240426-xnq7aaah9y

  • MD5

    016268eb5a31a62631682b24291855ba

  • SHA1

    9f4b549156a17451748c8a580126a18d00ffe633

  • SHA256

    c1d656f523274f8af119e05658173aa49c52d3bba63e083ca8adc7c7346f2147

  • SHA512

    a3c091820409fb3637a0c910d1f7abfc131aecf3d27f13578e0187525d86d66bce5415ba84c139a17aa3d7f891f90ff88e6ee19d3198f097030a215dc6c524a1

  • SSDEEP

    24576:hs48aycVm2RT3oy8sFKAWRN3KtCfJ0yhnSMiGr0+MC+bqF:h/NRI2tgsFGKkfXXiKyC3F

Malware Config

Targets

    • Target

      016268eb5a31a62631682b24291855ba_JaffaCakes118

    • Size

      988KB

    • MD5

      016268eb5a31a62631682b24291855ba

    • SHA1

      9f4b549156a17451748c8a580126a18d00ffe633

    • SHA256

      c1d656f523274f8af119e05658173aa49c52d3bba63e083ca8adc7c7346f2147

    • SHA512

      a3c091820409fb3637a0c910d1f7abfc131aecf3d27f13578e0187525d86d66bce5415ba84c139a17aa3d7f891f90ff88e6ee19d3198f097030a215dc6c524a1

    • SSDEEP

      24576:hs48aycVm2RT3oy8sFKAWRN3KtCfJ0yhnSMiGr0+MC+bqF:h/NRI2tgsFGKkfXXiKyC3F

    • Troldesh, Shade, Encoder.858

      Troldesh is a ransomware spread by malspam.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks