General

  • Target

    40ebefdec6870263827ce6425702e785_JaffaCakes118

  • Size

    654KB

  • Sample

    240514-kt64gahg78

  • MD5

    40ebefdec6870263827ce6425702e785

  • SHA1

    6eeb5a2e81f54e1eec1eb7af2ed621504011065b

  • SHA256

    0d0ec7cc3b6c9ca1251cfb8672cd4e9c68080f7f0a67ad17357f62a9fd4aea5d

  • SHA512

    62e1f05949536d7ac5ae878c5eff25dda11cb44073c27d93a203b39fd029664b17966c60a047bf7a3345ab0bee99548b589fef20e8257c8351c18fbd6459c54d

  • SSDEEP

    12288:/jmKnV9Lv7w9/X/cqujXisFagbSn7Iu+Oyj6IS4fGY9+HcmH:/xnfS/XfuDisAgbeUup4OY9+F

Malware Config

Targets

    • Target

      40ebefdec6870263827ce6425702e785_JaffaCakes118

    • Locky (Lukitus variant)

      Variant of the Locky ransomware seen in the wild since late 2017.

    • Deletes itself

    • Sets desktop wallpaper using registry

MITRE ATT&CK Matrix (ATT&CK v13)

Defense Evasion

  • Modify Registry (T1112): 2

Discovery

  • System Information Discovery (T1082): 2

  • Query Registry (T1012): 1

Impact

  • Defacement (T1491): 1

Tasks