General
-
Target
0fbcb5b55c5e2fb2b020d5cb7266ee69_JaffaCakes118
-
Size
554KB
-
Sample
240503-fsdnbafh2y
-
MD5
0fbcb5b55c5e2fb2b020d5cb7266ee69
-
SHA1
c4cf2886290641e7c00429c8d866de8eca642de5
-
SHA256
29846c5b0359085d68e8dd6c395228e5f17e950619a745b72f2a6835964f4db1
-
SHA512
b986e10ea0a67db49eab5d443de76ba64a1071c5f10e432b4d43c4619d4f63f8316582bc7d5238ef00526019af1d4218424b3b9613e5bf6fbc8f7316e2019654
-
SSDEEP
12288:YQjLuRE4xKR72qKoe/ZWsYUxUKQzZZQZsqtOql:nLueaKR72qKoe/EhdKYavl
Malware Config
Targets
-
-
Target
0fbcb5b55c5e2fb2b020d5cb7266ee69_JaffaCakes118
-
Size
554KB
-
MD5
0fbcb5b55c5e2fb2b020d5cb7266ee69
-
SHA1
c4cf2886290641e7c00429c8d866de8eca642de5
-
SHA256
29846c5b0359085d68e8dd6c395228e5f17e950619a745b72f2a6835964f4db1
-
SHA512
b986e10ea0a67db49eab5d443de76ba64a1071c5f10e432b4d43c4619d4f63f8316582bc7d5238ef00526019af1d4218424b3b9613e5bf6fbc8f7316e2019654
-
SSDEEP
12288:YQjLuRE4xKR72qKoe/ZWsYUxUKQzZZQZsqtOql:nLueaKR72qKoe/EhdKYavl
Score9/10-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-