General

  • Target

    1eb5b93203f2ee6d0cc0c61f634eeb63_JaffaCakes118

  • Size

    615KB

  • Sample

    240506-3ldfasbe36

  • MD5

    1eb5b93203f2ee6d0cc0c61f634eeb63

  • SHA1

    9f6eacd64f69c34c88b5a249e0c07a275efff1f6

  • SHA256

    92d843407a4f17392c7d7b2f6fc2dfa879743ed87d54c16a0449bfb4d168b541

  • SHA512

    7ca76f7085982cefed0c98fb9660193178478a73be641bff55ed88a8d07925bb56712b877b358e65aa198bbbd0ac5330bd280239ec383a426dc928f4aa076d0c

  • SSDEEP

    12288:OBRpTCkUGgvu5F4ZBV9K8HCEZqxeemKduM+cyS1T7FA+6SP:OVTCq4H3KFjx+ALb1T7wSP

Targets

    • Target

      1eb5b93203f2ee6d0cc0c61f634eeb63_JaffaCakes118

    • Locky (Lukitus variant)

      Variant of the Locky ransomware seen in the wild since late 2017.

    • Deletes itself

    • Sets desktop wallpaper using registry

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic            Technique                       Hits  ID
  Defense Evasion   Modify Registry                 2     T1112
  Discovery         System Information Discovery    2     T1082
  Discovery         Query Registry                  1     T1012
  Impact            Defacement                      1     T1491
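The report's hashes and its "Sets desktop wallpaper using registry" behaviour (mapped to T1112 and T1491 in the matrix) are the two things a responder typically wants to check against their own telemetry. The following is an added example, not code from the sandbox or from the report: it confirms whether a local file is the sample described here and flags wallpaper-registry writes by an unexpected process in a set of constructed Sysmon-style "Value Set" events. The registry path (HKCU\Control Panel\Desktop\Wallpaper), the event field names, and the allowlist of legitimate wallpaper writers are assumptions about what a host agent would log, not data taken from this page.

```python
"""Correlate this report's IOCs and wallpaper-defacement behaviour with host telemetry.

Added example; not part of the sandbox report. Registry path, event shape and the
allowlist below are assumptions, and SAMPLE_EVENTS is constructed test data.
"""
import hashlib
import re

# Digests copied from the report above (lowercase hex, as printed).
REPORT_HASHES = {
    "md5": "1eb5b93203f2ee6d0cc0c61f634eeb63",
    "sha1": "9f6eacd64f69c34c88b5a249e0c07a275efff1f6",
    "sha256": "92d843407a4f17392c7d7b2f6fc2dfa879743ed87d54c16a0449bfb4d168b541",
    "sha512": "7ca76f7085982cefed0c98fb9660193178478a73be641bff55ed88a8d07925bb"
              "56712b877b358e65aa198bbbd0ac5330bd280239ec383a426dc928f4aa076d0c",
}


def hashes_of(data: bytes) -> dict:
    """Compute every digest the report lists, so a single mismatch stands out."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only if all four digests agree with the report; anything else is a different file."""
    return hashes_of(data) == REPORT_HASHES


# Assumption: Windows keeps the current wallpaper path in HKCU\Control Panel\Desktop\Wallpaper;
# a value write there by something other than the shell is the defacement signal we want.
WALLPAPER_RE = re.compile(r"\\Control Panel\\Desktop\\Wallpaper$", re.IGNORECASE)

# Assumed allowlist of processes that legitimately change the wallpaper. Tune per estate.
TRUSTED_WALLPAPER_WRITERS = {
    r"c:\windows\explorer.exe",
    r"c:\windows\immersivecontrolpanel\systemsettings.exe",
}

# Constructed, Sysmon-style "RegistryEvent (Value Set)" records (EventID 13); not real logs.
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Control Panel\Desktop\Wallpaper",
     "Details": r"C:\Users\bob\Pictures\beach.jpg"},
    {"EventID": 13, "Image": r"C:\Users\bob\AppData\Local\Temp\1eb5b932.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Control Panel\Desktop\Wallpaper",
     "Details": r"C:\Users\bob\Desktop\ransom_note.bmp"},
    {"EventID": 13, "Image": r"C:\Users\bob\AppData\Local\Temp\1eb5b932.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Control Panel\Desktop\WallpaperStyle",
     "Details": "0"},
]


def detect_wallpaper_defacement(events):
    """Return [(event, attack_ids)] for wallpaper value writes by a non-allowlisted image.

    Only the Wallpaper value itself is matched; sibling values such as WallpaperStyle
    are ignored so the rule stays specific to the behaviour the report names.
    """
    hits = []
    for ev in events:
        if ev.get("EventID") != 13:
            continue
        if not WALLPAPER_RE.search(ev.get("TargetObject", "")):
            continue
        if ev.get("Image", "").lower() in TRUSTED_WALLPAPER_WRITERS:
            continue
        # Modify Registry (T1112) is the mechanism; Defacement (T1491) is the impact.
        hits.append((ev, ("T1112", "T1491")))
    return hits


if __name__ == "__main__":
    for ev, ids in detect_wallpaper_defacement(SAMPLE_EVENTS):
        print(f"{ev['Image']} set wallpaper to {ev['Details']} -> {', '.join(ids)}")
```

Run it against exported Sysmon events (one dict per event) to get the defacement hits, and feed the bytes of a suspect file to matches_report() before assuming it is the sample this page describes; the SSDEEP value from the report is deliberately left out because a fuzzy-hash comparison needs the ssdeep library and a similarity threshold, and an exact-digest check is what confirms identity.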
