General

  • Target

    3bb08784ca43d644f60fd9408de9133f_JaffaCakes118

  • Size

    590KB

  • Sample

    240512-x3xbvacd4x

  • MD5

    3bb08784ca43d644f60fd9408de9133f

  • SHA1

    08b4199debe88d9b73a3dbe506ce7c6249537c39

  • SHA256

    9f641227b8e5e176b29630376a125949b22389b07253b664a44371642f1dc400

  • SHA512

    3ee94f28d095e46a0dee39a157ab122e2e3d67b3b3254a6dc50e3bd63f7141e1a4684f8eb51f560e47245ff8957ad5346f99b789264ab55a237c293cc1ea24e9

  • SSDEEP

    12288:oguxN5Hef7wWHX+IuNEFVqhJuWYI17c8Z7zo1N9i:8N5+f7t3cEFVq5Y0wu7zos

Malware Config

Targets

    • Locky (Lukitus variant)

      Variant of the Locky ransomware seen in the wild since late 2017.

    • Deletes itself

    • Sets desktop wallpaper using registry

MITRE ATT&CK Matrix (ATT&CK v13)

Defense Evasion

  • Modify Registry (T1112): 2

Discovery

  • System Information Discovery (T1082): 2

  • Query Registry (T1012): 1

Impact

  • Defacement (T1491): 1
