c09b2c0f39539284df2e76d424de5b045b8ddb02267d8027da5a8ab3f9530a8c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2f63e835191cb05d07914a932c6b6e73_JaffaCakes118
Size

279KB
Sample

240510-qy359sce43
MD5

2f63e835191cb05d07914a932c6b6e73
SHA1

d7bc44cdf14e8ad74311e4251b428b67d82f8be8
SHA256

c09b2c0f39539284df2e76d424de5b045b8ddb02267d8027da5a8ab3f9530a8c
SHA512

1199dcfa1a74cddedb8c6988e368197313e32f0cb1a9f41cb3796997d99c6c44a19909e066c76fde0318e5354e3fc3f51d39ed555fa3fb9d2ff6414e95ad86e6
SSDEEP

6144:LlJZfFoT3vF0cOS6XnL4IRaoFFljCwj8q9ySoWCxdzYY:LldS3v4VLPRayjd8xSczkY

Score

9^/10

evasion ransomware

Malware Config

Targets

- Target
  
  2f63e835191cb05d07914a932c6b6e73_JaffaCakes118
- Size
  
  279KB
- MD5
  
  2f63e835191cb05d07914a932c6b6e73
- SHA1
  
  d7bc44cdf14e8ad74311e4251b428b67d82f8be8
- SHA256
  
  c09b2c0f39539284df2e76d424de5b045b8ddb02267d8027da5a8ab3f9530a8c
- SHA512
  
  1199dcfa1a74cddedb8c6988e368197313e32f0cb1a9f41cb3796997d99c6c44a19909e066c76fde0318e5354e3fc3f51d39ed555fa3fb9d2ff6414e95ad86e6
- SSDEEP
  
  6144:LlJZfFoT3vF0cOS6XnL4IRaoFFljCwj8q9ySoWCxdzYY:LldS3v4VLPRayjd8xSczkY
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  fc90dfb694d0e17b013d6f818bce41b0
- SHA1
  
  3243969886d640af3bfa442728b9f0dff9d5f5b0
- SHA256
  
  7fe77ca13121a113c59630a3dba0c8aaa6372e8082393274da8f8608c4ce4528
- SHA512
  
  324f13aa7a33c6408e2a57c3484d1691ecee7c3c1366de2bb8978c8dc66b18425d8cab5a32d1702c13c43703e36148a022263de7166afdce141da2b01169f1c6
- SSDEEP
  
  192:e/b2HS5ih/7i00eWz9T7PH6yeFcQMI5+Vw+EXWZ77dslFZk:ewSUmWw9T7MmnI5+/F7Kdk
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  1128ee61dffa0a97d30b2f828235b289
- SHA1
  
  b552f3d4f13894f2f30fb446893093ca78fe149c
- SHA256
  
  1e33decac84bdd2b3a651c969258f8e6c90616e9ec35de6ab4f402709555ce4c
- SHA512
  
  d470356be436997fc53c17b8546cc80b187538ad2f258788761b92c28d91ef733fe6d8b3b33c353d84d1e0ae089207efd1ebfde33a6d33d5a341960e7bcfc8f5
- SSDEEP
  
  96:E7fhZwXd8KgEbAa9PweF1WxD8ZLMJGgmkN738:5N8KgWAuLWxD8ZAGgmkN
Score

3^/10
behavioral5 behavioral6
- Target
  
  $TEMP/footlambert.dll
- Size
  
  72KB
- MD5
  
  6257c45f07098fcb899181f75f4b4eec
- SHA1
  
  7f1ff39c9acd8e831bc99bfcd948a1e63d5fe8cc
- SHA256
  
  a4e09e725d13fe7d4410ce0987eeae07bcde270dba41e77d9480d010b72f6aaf
- SHA512
  
  0a803123ac2703dc4a49a8a11a66b67fa31a54b306dc5da6e8bd02366747c2cded2095c6d74193b10bd1335926b02ea25c6fd75e69f43cd6b42bf984ab9d9fdd
- SSDEEP
  
  768:Z478WIrnB4YOGtlTtl8JrQf7Oq9HgvnroyqNUExUK3kYJ/ZOTVtK+ui:Z478WQBkQ2kjO6gvtkUK0YfYtKNi
Score

3^/10
behavioral7 behavioral8
- Target
  
  uninstall.exe
- Size
  
  44KB
- MD5
  
  161879c2de84c66aaa92a86bcb93abe1
- SHA1
  
  33d864933df4a7cd976138734786389bc1c5d81e
- SHA256
  
  311309fb3f0a230e146ad3c4bc804efb82819695168a07ee86817870ae3fbe1d
- SHA512
  
  a4d0d3a7e1f46a0ebb580d2e226895f52398b1207e8f5ce8d337b302a0745f67d9bc8f03686175979e8404b402040a047b73637f36a8ded742be8dee9e13860f
- SSDEEP
  
  768:WWtWol0uWgWOERlHXWJZd7eLRtmZPrNMF9zGPVzIsJRnjWjIUHvF1nLdZi5g:LM0VWnOl6Rtm5rNj9zIiWJvFbsK
Score

9^/10

evasion ransomware
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  fc90dfb694d0e17b013d6f818bce41b0
- SHA1
  
  3243969886d640af3bfa442728b9f0dff9d5f5b0
- SHA256
  
  7fe77ca13121a113c59630a3dba0c8aaa6372e8082393274da8f8608c4ce4528
- SHA512
  
  324f13aa7a33c6408e2a57c3484d1691ecee7c3c1366de2bb8978c8dc66b18425d8cab5a32d1702c13c43703e36148a022263de7166afdce141da2b01169f1c6
- SSDEEP
  
  192:e/b2HS5ih/7i00eWz9T7PH6yeFcQMI5+Vw+EXWZ77dslFZk:ewSUmWw9T7MmnI5+/F7Kdk
Score

3^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  1128ee61dffa0a97d30b2f828235b289
- SHA1
  
  b552f3d4f13894f2f30fb446893093ca78fe149c
- SHA256
  
  1e33decac84bdd2b3a651c969258f8e6c90616e9ec35de6ab4f402709555ce4c
- SHA512
  
  d470356be436997fc53c17b8546cc80b187538ad2f258788761b92c28d91ef733fe6d8b3b33c353d84d1e0ae089207efd1ebfde33a6d33d5a341960e7bcfc8f5
- SSDEEP
  
  96:E7fhZwXd8KgEbAa9PweF1WxD8ZLMJGgmkN738:5N8KgWAuLWxD8ZAGgmkN
Score

3^/10
behavioral13 behavioral14

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

evasionransomware

behavioral10

evasionransomware

behavioral11

behavioral12

behavioral13

behavioral14