General
-
Target
48460c1f75469995a67349fe0766f776_JaffaCakes118
-
Size
88KB
-
Sample
240515-15fnnaef6y
-
MD5
48460c1f75469995a67349fe0766f776
-
SHA1
7231c635ee7623977c79f8a44a77384a4ff4536f
-
SHA256
648eb39a5e77af2e2069e196a5709a93e81b29c74dbe2fa4ead4440e0f535e97
-
SHA512
ad2a372e96f6fbb83f0f8e213804b7c978afa7d28ac3a3a330d9dd1b103efc799824c3815593b9e4c41d05df8723445bad8040c42da121fd2330917d160c9afd
-
SSDEEP
1536:HN5kEXLJj+EFTctJovSdM0wPC7KZhxKOn+nJI3pD34YsXm:t5kENj+EpcUSiHK7Kf+JI3B34YsX
Malware Config
Extracted
C:\MSOCache\All Users\INSTRUCTION_FOR_HELPING_FILE_RECOVERY.TXT
Extracted
C:\Program Files\INSTRUCTION_FOR_HELPING_FILE_RECOVERY.TXT
Targets
-
-
Target
48460c1f75469995a67349fe0766f776_JaffaCakes118
-
Size
88KB
-
MD5
48460c1f75469995a67349fe0766f776
-
SHA1
7231c635ee7623977c79f8a44a77384a4ff4536f
-
SHA256
648eb39a5e77af2e2069e196a5709a93e81b29c74dbe2fa4ead4440e0f535e97
-
SHA512
ad2a372e96f6fbb83f0f8e213804b7c978afa7d28ac3a3a330d9dd1b103efc799824c3815593b9e4c41d05df8723445bad8040c42da121fd2330917d160c9afd
-
SSDEEP
1536:HN5kEXLJj+EFTctJovSdM0wPC7KZhxKOn+nJI3pD34YsXm:t5kENj+EpcUSiHK7Kf+JI3B34YsX
Score10/10-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Stops running service(s)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Execution
System Services
1Service Execution
1Windows Management Instrumentation
1Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1