General
-
Target
66820e8a4a1816efdf10334cfafcb7ed_JaffaCakes118
-
Size
554KB
-
Sample
240522-jhcvtage48
-
MD5
66820e8a4a1816efdf10334cfafcb7ed
-
SHA1
4a2ea22822ef065f464efa5ba0ddb1148d7c8395
-
SHA256
8ca19391c24cf4de90d377baabdec11e592dd679489ce7d3b797462d779002f9
-
SHA512
977161210c399d4b2a8a5a2aa3c0f4232be32753905a7a941b1239d245cd5bef0046b3170cb3b774c7667f3dd7e01f6acea7690760fcab30347e8b870c7ffab4
-
SSDEEP
12288:YQjLuRE4xKR72qKoe/ZWsYUxUKQzZZQZsqtOqI:nLueaKR72qKoe/EhdKYavI
Malware Config
Targets
-
-
Target
66820e8a4a1816efdf10334cfafcb7ed_JaffaCakes118
-
Size
554KB
-
MD5
66820e8a4a1816efdf10334cfafcb7ed
-
SHA1
4a2ea22822ef065f464efa5ba0ddb1148d7c8395
-
SHA256
8ca19391c24cf4de90d377baabdec11e592dd679489ce7d3b797462d779002f9
-
SHA512
977161210c399d4b2a8a5a2aa3c0f4232be32753905a7a941b1239d245cd5bef0046b3170cb3b774c7667f3dd7e01f6acea7690760fcab30347e8b870c7ffab4
-
SSDEEP
12288:YQjLuRE4xKR72qKoe/ZWsYUxUKQzZZQZsqtOqI:nLueaKR72qKoe/EhdKYavI
Score9/10-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-