d50a2c2bfcdf4cf8a908cd9b6d091afdea152be6e2b0770173d9fb4380acabb4

General

Target

32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118
Size

21.2MB
Sample

240511-fe56eagg67
MD5

32cce6545af187d0efe96c7e40c71c8d
SHA1

76f8360e00280e434af26c1aa890f2003f4bd0dd
SHA256

d50a2c2bfcdf4cf8a908cd9b6d091afdea152be6e2b0770173d9fb4380acabb4
SHA512

cb1ce69252e274432b90e360c90519eb59591625bc7174ee1c9410ef12258498328d5dda926b689b8daa679c09a8d9230670c97ce05d2ffbd5b83cbcdaecfb96
SSDEEP

393216:eoXHqXZ6bGw6u6xJHcjOY9lWjQum1UEKFOl7NfpqVrVSvxvbJ4jRh4jx69W:hHqDwIboTXwvEUEKi7NBSx6hF4NL9W

Score

9^/10

Malware Config

Targets

- Target
  
  32cce6545af187d0efe96c7e40c71c8d_JaffaCakes118
- Size
  
  21.2MB
- MD5
  
  32cce6545af187d0efe96c7e40c71c8d
- SHA1
  
  76f8360e00280e434af26c1aa890f2003f4bd0dd
- SHA256
  
  d50a2c2bfcdf4cf8a908cd9b6d091afdea152be6e2b0770173d9fb4380acabb4
- SHA512
  
  cb1ce69252e274432b90e360c90519eb59591625bc7174ee1c9410ef12258498328d5dda926b689b8daa679c09a8d9230670c97ce05d2ffbd5b83cbcdaecfb96
- SSDEEP
  
  393216:eoXHqXZ6bGw6u6xJHcjOY9lWjQum1UEKFOl7NfpqVrVSvxvbJ4jRh4jx69W:hHqDwIboTXwvEUEKi7NBSx6hF4NL9W
Score

9^/10

bootkit discovery execution persistence ransomware spyware stealer
- Renames multiple (78) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Drops file in Drivers directory
- Sets service image path in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Checks for any installed AV software in registry
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallUtility.dll
- Size
  
  1.0MB
- MD5
  
  6112257babfd780d815e8448d9d30395
- SHA1
  
  32ac068f0a885410baddaad5782be6bdd242182a
- SHA256
  
  83059ba16b860d154ee27361e9b9b6ea090aeaf1f48f3c5b1303c750d7ae05ae
- SHA512
  
  3f570338d3a18334711b9bfb47994e24042d2c732e8c71221ff06c3482c656e805d2ebb96047b7120cd14885b409fa24ddce68d9dcbfcc57775561e64d596b8b
- SSDEEP
  
  24576:Sqxnjdf7XNK7gCCRssiYABp7p7TZ9ThYyZJPek:J5VN5asiL1TPThrZJPek
Score

6^/10
- Checks for any installed AV software in registry
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  bf712f32249029466fa86756f5546950
- SHA1
  
  75ac4dc4808ac148ddd78f6b89a51afbd4091c2e
- SHA256
  
  7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af
- SHA512
  
  13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4
- SSDEEP
  
  192:0N2gQuUwXzioj4KALV2upWzVd7q1QDXEbBZ8KxHdGzyS/Kx:rJoiO8V2upW7vQjS/
Score

3^/10
behavioral5 behavioral6