General
Target: 67ba173a7bdf01c3016cdd70f40f45b5_JaffaCakes118
Size: 265KB
Sample: 240522-swnnxafg91
MD5: 67ba173a7bdf01c3016cdd70f40f45b5
SHA1: 23f7cb130a178507fd0437db28cfd2425c4caa2e
SHA256: db0e80189ecad474b3bb4539a9d0e3dd9e14057871ca9b8ece51400a72ebb84f
SHA512: fd9a2449febf26d44e3b3149ec1ca41d3c2a53e20a1d805e185f0461caf1349000ed88c7d2a800de372b54cc7692d2e695b90659a6fdf04dc6c97a0249af8cdf
SSDEEP: 6144:BaHY0DNpINAEQksZu+JKrzvAPXrt8QmodL:BaHY0DNpINABZ9JKrTkOox
Static task: static1
Behavioral task: behavioral1
  Sample: 67ba173a7bdf01c3016cdd70f40f45b5_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 67ba173a7bdf01c3016cdd70f40f45b5_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
Malware Config
Extracted
C:\Users\Public\Videos\Restore-My-Files.txt
http://decrmbgpvh6kvmti.onion/
http://helpinfh6vj47ift.onion/
Targets
Target: 67ba173a7bdf01c3016cdd70f40f45b5_JaffaCakes118
Score: 10/10
- Renames multiple (6905) files with added filename extension
  This suggests ransomware activity: encrypting all files on the system.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext