General
Target: 045e9e9b6fd45725ac8bb9bddb2fbd9f_JaffaCakes118
Size: 500KB
Sample: 240428-e16hmaga52
MD5: 045e9e9b6fd45725ac8bb9bddb2fbd9f
SHA1: ffcd0cf2e9b9b1df2ca274044896381da04113ab
SHA256: 58d0f6f4d44eeb1f0c518e928948c3dbd69540bfdd84581ab91a94861ef5964f
SHA512: 2d65054a3166e3b6de4d66725ea2ea4c08b7c236aeef5002b97d3f5b4999b63d5d7514e09f107b8f01f2fd3404ba5e585fac2388506092268c4f184109b6d5f2
SSDEEP: 6144:f59UBzgPVwrzTiE/Hlf1ZMgqOaY2CGC8y2KyadiRsUoNCeULoS:GgUuEvlN6gjZZG7adi2UhfLp
Tasks
Static task: static1
Behavioral task: behavioral1
  Sample: 045e9e9b6fd45725ac8bb9bddb2fbd9f_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 045e9e9b6fd45725ac8bb9bddb2fbd9f_JaffaCakes118.exe
  Resource: win10v2004-20240426-en
Malware Config
Extracted from (dropped recovery/ransom note): C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\_ReCoVeRy_+uwpbi.txt
Payment/contact URLs. All four share the path token B44DBA3845E675B0, which is the shape of a per-victim identifier; the last is a Tor hidden service reachable only via Tor, the first three are clearnet fallbacks. Treat the hostnames and the token as indicators, and block or sinkhole the clearnet domains at the resolver:
http://t54ndnku456ngkwsudqer.wallymac.com/B44DBA3845E675B0
http://po4dbsjbneljhrlbvaueqrgveatv.bonmawp.at/B44DBA3845E675B0
http://hrfgd74nfksjdcnnklnwefvdsf.materdunst.com/B44DBA3845E675B0
http://xlowfznrg4wf7dli.onion/B44DBA3845E675B0
Targets
Target: 045e9e9b6fd45725ac8bb9bddb2fbd9f_JaffaCakes118
Size: 500KB
MD5: 045e9e9b6fd45725ac8bb9bddb2fbd9f
SHA1: ffcd0cf2e9b9b1df2ca274044896381da04113ab
SHA256: 58d0f6f4d44eeb1f0c518e928948c3dbd69540bfdd84581ab91a94861ef5964f
SHA512: 2d65054a3166e3b6de4d66725ea2ea4c08b7c236aeef5002b97d3f5b4999b63d5d7514e09f107b8f01f2fd3404ba5e585fac2388506092268c4f184109b6d5f2
SSDEEP: 6144:f59UBzgPVwrzTiE/Hlf1ZMgqOaY2CGC8y2KyadiRsUoNCeULoS:GgUuEvlN6gjZZG7adi2UhfLp
Score: 10/10
Behavioral signatures:
- Renames multiple (381) files with an added filename extension. This is consistent with ransomware encrypting user files in place and appending an extension to each encrypted file; the count, not any single rename, is what makes the signature fire.
- Deletes itself (removes the original executable after running, hindering sample recovery from the victim host)
- Drops startup file (persistence via the Startup folder)
- Executes dropped EXE
- Adds Run key to start application (persistence via the Run registry key)
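The mass-rename signature above is a counting heuristic, and it is worth seeing the logic rather than only the verdict. The following is an added example, not the sandbox's own detection code: it takes (old_path, new_path) rename events as a sandbox or EDR file-system monitor would record them, counts only renames in which the new name is the old name with exactly one extra extension appended in the same directory, and alerts once a single appended extension crosses a threshold. The paths and the `.locked` extension in the sample events are constructed placeholders, not what this sample actually appended.

```python
"""Mass-rename heuristic for ransomware triage.

A rename counts only when the new name is the old name with one plain
extension appended, in the same directory. That separates in-place
encryption from ordinary moves, saves, and extension replacement.
"""
from collections import Counter
from typing import Iterable, List, Optional, Tuple
import ntpath  # Windows path semantics regardless of the analysis host

RenameEvent = Tuple[str, str]


def appended_extension(old_path: str, new_path: str) -> Optional[str]:
    """Return the lower-cased extension a rename appended, or None.

    None means the rename is not the pattern we care about: the file moved
    directory, the extension was replaced rather than appended, or the
    suffix is not a single plain extension (e.g. ".a.b" or ".a-b").
    """
    old_dir, old_name = ntpath.split(old_path)
    new_dir, new_name = ntpath.split(new_path)
    if ntpath.normcase(old_dir) != ntpath.normcase(new_dir):
        return None
    if not new_name.lower().startswith(old_name.lower()):
        return None
    suffix = new_name[len(old_name):]
    if len(suffix) < 2 or suffix[0] != ".":
        return None
    tail = suffix[1:]
    if not tail.isalnum():  # rejects ".", ".a.b", ".a-b", and similar
        return None
    return tail.lower()


def tally_appended_extensions(events: Iterable[RenameEvent]) -> Counter:
    """Count qualifying renames per appended extension."""
    counts: Counter = Counter()
    for old_path, new_path in events:
        ext = appended_extension(old_path, new_path)
        if ext is not None:
            counts[ext] += 1
    return counts


def detect_mass_rename(events: Iterable[RenameEvent],
                       threshold: int = 50) -> List[Tuple[str, int]]:
    """Return (extension, count) pairs at or above threshold, largest first.

    The threshold is a tuning knob: the report above saw 381 renames; a
    user saving a handful of .bak copies should stay below it.
    """
    counts = tally_appended_extensions(events)
    hits = [(ext, n) for ext, n in counts.items() if n >= threshold]
    return sorted(hits, key=lambda item: (-item[1], item[0]))


# Constructed sample input: invented paths, and ".locked" is a placeholder,
# not the extension the analysed sample appended.
SAMPLE_EVENTS: List[RenameEvent] = [
    (rf"C:\Users\victim\Documents\report{i}.docx",
     rf"C:\Users\victim\Documents\report{i}.docx.locked")
    for i in range(60)
]
SAMPLE_EVENTS += [
    # extension replaced, not appended: ignored
    (r"C:\Users\victim\Downloads\setup.tmp", r"C:\Users\victim\Downloads\setup.exe"),
    # moved to another directory: ignored
    (r"C:\Users\victim\Desktop\notes.txt", r"C:\Users\victim\Desktop\old\notes.txt"),
    # one manual backup copy: counted, but stays far below the threshold
    (r"C:\Users\victim\Desktop\draft.txt", r"C:\Users\victim\Desktop\draft.txt.bak"),
]

if __name__ == "__main__":
    for ext, n in detect_mass_rename(SAMPLE_EVENTS):
        print(f"ALERT: {n} files renamed with appended extension .{ext}")
```

In a real pipeline the events would come from the sandbox's file-system trace or an EDR rename telemetry feed, and the threshold would be paired with a time window, since 381 renames spread over a month is backup software and 381 in thirty seconds is encryption.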