Extracted

Extracted

• • Target

    05a30994821845197be5d1ebb616dbbb_JaffaCakes118

  • Size

    328KB

  • MD5

    05a30994821845197be5d1ebb616dbbb

  • SHA1

    0bf4c283b2ecac2d8d94074248403d89754c688f

  • SHA256

    73a2ed1606f22e828554948d7f79dd99f2858bc3465e5065abcbf90d98583b3c

  • SHA512

    6bcffb9ec948aee21851e299a8a96a6c795c5546fad7d2f737ceb5f6d782975551b0f77e8e6c91450d5ee881f8e8d35eceb1944101eb94656b42a1e72c1e6073

  • SSDEEP

    6144:a9zyYnK/Poydbl3rFLRN8kAZyubtSiTsflsyAC9RM4ATGtMHoLm:8sgKdrBRMdSOCPbxL

  Score

  10^/10

  teslacryptpersistenceransomwarespywarestealer

  • TeslaCrypt, AlphaCrypt

    Ransomware based on CryptoLocker. Shut down by the developers in 2016.

    ransomwareteslacrypt

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Renames multiple (421) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Drops startup file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence
  behavioral1behavioral2