General
-
Target
7034f17b2033bfd5ef9b0f81ce598da3_JaffaCakes118
-
Size
425KB
-
Sample
240524-3xg8mafg59
-
MD5
7034f17b2033bfd5ef9b0f81ce598da3
-
SHA1
959817c12dba46ce4e4595bf4f2374aadf52e8ef
-
SHA256
33175665dc003a737e982c767890412e57ea2ae96f25fd8535637f5894ff2074
-
SHA512
1390d2b6e58644238efb174f7b2726a5152e5b183dbbe4c02b0cacf796309df24c5e9bc4a4f26f1c525ae863f353020dcd6a63fa84afa6448072df87199a07c4
-
SSDEEP
6144:PqhlBy1+NR0frxdc6Dps/ep5NKWNzYXPAA5+VUbvpQhcHGBeBZq6wbTHK+5URA:PAlBpNR0fHcoNKWN7AQKG8BCbTHD9
Malware Config
Targets
-
-
Target
7034f17b2033bfd5ef9b0f81ce598da3_JaffaCakes118
-
Size
425KB
-
MD5
7034f17b2033bfd5ef9b0f81ce598da3
-
SHA1
959817c12dba46ce4e4595bf4f2374aadf52e8ef
-
SHA256
33175665dc003a737e982c767890412e57ea2ae96f25fd8535637f5894ff2074
-
SHA512
1390d2b6e58644238efb174f7b2726a5152e5b183dbbe4c02b0cacf796309df24c5e9bc4a4f26f1c525ae863f353020dcd6a63fa84afa6448072df87199a07c4
-
SSDEEP
6144:PqhlBy1+NR0frxdc6Dps/ep5NKWNzYXPAA5+VUbvpQhcHGBeBZq6wbTHK+5URA:PAlBpNR0fHcoNKWN7AQKG8BCbTHD9
Score9/10-
Contacts a large (13274) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Adds policy Run key to start application
-
Deletes itself
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-