General

  • Target

    45021a1a159dea9952ad3494b8d49852_JaffaCakes118

  • Size

    520KB

  • Sample

    240515-hs6p7sec83

  • MD5

    45021a1a159dea9952ad3494b8d49852

  • SHA1

    9d410c919a965b80ce451b8565286d2f9de05b23

  • SHA256

    cefb526d4067694c034c8c578b38d3ce68fdb56f10025dfa30f39f0556286d15

  • SHA512

    c426327ba46ff80c2c943e41fe2417fb2dd2628f9a2431d1bcae390fe6b7fe53891f40436b3cdd8a661b5f954f7763bbc737225360bc29ca16da00fc1efdf83a

  • SSDEEP

    12288:zVRm47ugq9QLXzNWVn4Fkl6BQ2yLhxPtIS4GudgBXllbXtdj:zVzzzjNO4FkUQ2yL7PtIdGudqlb9dj

Malware Config

Targets

    • Target

      45021a1a159dea9952ad3494b8d49852_JaffaCakes118

    • Size

      520KB

    • MD5

      45021a1a159dea9952ad3494b8d49852

    • SHA1

      9d410c919a965b80ce451b8565286d2f9de05b23

    • SHA256

      cefb526d4067694c034c8c578b38d3ce68fdb56f10025dfa30f39f0556286d15

    • SHA512

      c426327ba46ff80c2c943e41fe2417fb2dd2628f9a2431d1bcae390fe6b7fe53891f40436b3cdd8a661b5f954f7763bbc737225360bc29ca16da00fc1efdf83a

    • SSDEEP

      12288:zVRm47ugq9QLXzNWVn4Fkl6BQ2yLhxPtIS4GudgBXllbXtdj:zVzzzjNO4FkUQ2yL7PtIdGudqlb9dj

    • Locky (Lukitus variant)

      Variant of the Locky ransomware seen in the wild since late 2017.

    • Deletes itself

    • Sets desktop wallpaper using registry

MITRE ATT&CK Matrix (ATT&CK v13)

  • Defense Evasion

    Modify Registry, T1112 (2)

  • Discovery

    System Information Discovery, T1082 (2)

    Query Registry, T1012 (1)

  • Impact

    Defacement, T1491 (1)

Tasks