General

  • Target

    4702bb70196fe10d61993bfe8f54da76_JaffaCakes118

  • Size

    395KB

  • Sample

    240515-twvb5ahf52

  • MD5

    4702bb70196fe10d61993bfe8f54da76

  • SHA1

    e546e0859edfeaae9a516d57a1b934c75bcb74b9

  • SHA256

    d905b57d7913430f33e03ab345a0d10f8d64b2132622de69905e631aa74ec9cb

  • SHA512

    1634cdc2c2f8971f48369af01f70aaa45aff00d5f1e9f6d5009e998fb7d257b242ccc3dfca91ac677bcef07577c0ece30dec3d77bad68b39128103ca6d948d22

  • SSDEEP

    6144:VG4GadNgCZtHYi7S82RRxysGFH4Rexnkqn1DPVGN:A4fdNjtHYXHlGV4arn1D

Targets

    • Target

      4702bb70196fe10d61993bfe8f54da76_JaffaCakes118

    • Locky

      Ransomware strain released in 2016, with advanced features like anti-analysis.

    • Locky (Osiris variant)

      Variant of the Locky ransomware seen in the wild since early 2017.

    • Deletes itself

    • Sets desktop wallpaper using registry

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic            Technique                      Count  ID
  Defense Evasion   Modify Registry                2      T1112
  Discovery         System Information Discovery   3      T1082
  Discovery         Query Registry                 2      T1012
  Discovery         Peripheral Device Discovery    1      T1120
  Impact            Defacement                     1      T1491
