General

  • Target: 0b040905485bcc34a06f2e9ad2f04917_JaffaCakes118
  • Size: 766KB
  • Sample: 240501-d5zefafa2s
  • MD5: 0b040905485bcc34a06f2e9ad2f04917
  • SHA1: b09140f7d7441e8585d9ca379a5a915357af82af
  • SHA256: 4a0b83817f7e10ccaf4f73a8317c132fef767f646b5669e28d509c935910ef79
  • SHA512: 0f1a854af2e5423f50b124bf274905569e8e4c03eee91e2e23c384234e2b19c8f249b117f033f1ee59f6214d7ca9a2554189f4af009d0bb929feb9c952648052
  • SSDEEP: 12288:5pezD/g+2FEvIuAOGA6ZEL+X+JLBI+ULp3g7lFVBMbLPNqnsb65yP/hizdOGrld9:5p0/p4eAxxOTI+Mhg7lKHVqsUyPpGdOG

Targets

    • Target: Fattura 00384788-0849838.pdf.exe
    • Size: 867KB
    • MD5: 921023d253b6dfac1eaabe38f3b36a45
    • SHA1: 82ae601f2eb5202a5314feffb2a9bd07c5f33327
    • SHA256: a2deb60615b3bd20beeb9253547a41c0a970139bfb59d9f88854b8b61880ead1
    • SHA512: 86229692b51a24e3f29aec482f6aca2109cf98031011a5bc71b756ee1417fe0200c179bde3adfd9dd72dcb5edd553abb98a5c6845b1c42d3e7672038fb7bc115
    • SSDEEP: 24576:+XH+j3CgxpmJI+QhQ3r+HVqQUEHpGzOUPZ:Jj3CgxpNhN16EHpCx

    Score: 10/10

    • CTB-Locker: Ransomware family which uses Tor to hide its C2 communications.
    • Deletes shadow copies: Ransomware often targets backup files to inhibit system recovery.
    • Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops desktop.ini file(s)
    • Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
    • Drops file in System32 directory
    • Sets desktop wallpaper using registry
    • Suspicious use of SetThreadContext

    • Target: $PLUGINSDIR/System.dll
    • Size: 11KB
    • MD5: 883eff06ac96966270731e4e22817e11
    • SHA1: 523c87c98236cbc04430e87ec19b977595092ac8
    • SHA256: 44e5dfd551b38e886214bd6b9c8ee913c4c4d1f085a6575d97c3e892b925da82
    • SHA512: 60333253342476911c84bbc1d9bf8a29f811207787fdd6107dce8d2b6e031669303f28133ffc811971ed7792087fe90fb1faabc0af4e91c298ba51e28109a390
    • SSDEEP: 96:UPDYcJ+nx4vVp76JX7zBlkCg21Fxz4THxtrqw1at0JgwLEjo+OB3yUVCdl/wNj+l:UPtkuWJX7zB3kGwfy0nyUVsxCjOMb1u

    Score: 3/10

    • Target: NsResize.dll
    • Size: 60KB
    • MD5: 9c655b0c142db0494026c1ebb1b3923f
    • SHA1: 2dbebe42968e78200688e40ab5b8d25bf8e0b4df
    • SHA256: ef2d114896f07fc20aed5c3045754de0103813aa31bedb188262cec6fb3263dd
    • SHA512: 51d7efab18f6909daf61534befa2e20eec437c24114f7c21b383004806d4b8869dc12395a972965c89dbeb66fe0282833207b5aa93ec7f085ca7054d0a0d9f1d
    • SSDEEP: 768:qGFZmKGqWJ0hYkuyws9yon9dmkVL8L+vR/2nArYDRjrn9To+:q6mfmYkuX3onDmkVLm+o7DB9To

    Score: 3/10

    • Target: default_hash.js
    • Size: 136B
    • MD5: 06a09bda9d5dd7dba611b2dd460d545e
    • SHA1: 73946d0150e298464b8a55a107bb22be6368029c
    • SHA256: c062646586359c92950920a9e5a51bcec73afeb863dc01337a88adadc789f05e
    • SHA512: b104418ebc3eabf7a3d4aae3a23bdeea63d0118f56397e3763318397baa0b59ed5756a354a922c2c6206636ab761197e379e6fa5b4aa7cf2a60c24416a2ad459

    Score: 1/10

MITRE ATT&CK Matrix (ATT&CK v13)

Defense Evasion

  • Indicator Removal (T1070): 2
  • File Deletion (T1070.004): 2
  • Modify Registry (T1112): 2

Discovery

  • Query Registry (T1012): 2
  • System Information Discovery (T1082): 3
  • Peripheral Device Discovery (T1120): 1

Impact

  • Inhibit System Recovery (T1490): 2
  • Defacement (T1491): 1