Overview
overview: 9/10
Static
static: 3/10
gpg.exe, windows7-x64: 1/10
gpg.exe, windows10-2004-x64: 1/10
gpgconf.exe, windows7-x64: 1/10
gpgconf.exe, windows10-2004-x64: 1/10
libassuan-0.dll, windows7-x64: 3/10
libassuan-0.dll, windows10-2004-x64: 3/10
libgcrypt-20.dll, windows7-x64: 1/10
libgcrypt-20.dll, windows10-2004-x64: 3/10
libgpg-error-0.dll, windows7-x64: 1/10
libgpg-error-0.dll, windows10-2004-x64: 1/10
libnpth-0.dll, windows7-x64: 1/10
libnpth-0.dll, windows10-2004-x64: 1/10
libsqlite3-0.dll, windows7-x64: 3/10
libsqlite3-0.dll, windows10-2004-x64: 3/10
trkop.vbs, windows7-x64: 9/10
trkop.vbs, windows10-2004-x64: 9/10
zapa.bat, windows7-x64: 7/10
zapa.bat, windows10-2004-x64: 1/10
zlib1.dll, windows7-x64: 3/10
zlib1.dll, windows10-2004-x64: 3/10
General
Target
6f1449121c5a88a5fcfb408a5915543a_JaffaCakes118
Size
1.2MB
Sample
240524-tkp82abd7y
MD5
6f1449121c5a88a5fcfb408a5915543a
SHA1
e1ead1a83c4356a628fc22142652914e5f5242c4
SHA256
7bbb458e6579df29118174eb65579f6f02773e8ead9e89b65933191796774617
SHA512
fb1b2b19c190425ce72af8af399534b4b912f7fdc344ab93f595c33eb58fd2812cde4e9fc7c090a0c48de6458615f0b33a7b280aaa5076b86e49bff510ac105a
SSDEEP
24576:uij4cIfWZMDHDGGpjewI3TWacQjDnArnbzywHnlePH3+Ipi6HU:rIfWZM/GKjFuTh+bewFevOI8aU
Static task
static1
Behavioral task
behavioral1
Sample
gpg.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
gpg.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
gpgconf.exe
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
gpgconf.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
libassuan-0.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
libassuan-0.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
libgcrypt-20.dll
Resource
win7-20240508-en
Behavioral task
behavioral8
Sample
libgcrypt-20.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral9
Sample
libgpg-error-0.dll
Resource
win7-20231129-en
Behavioral task
behavioral10
Sample
libgpg-error-0.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral11
Sample
libnpth-0.dll
Resource
win7-20240419-en
Behavioral task
behavioral12
Sample
libnpth-0.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral13
Sample
libsqlite3-0.dll
Resource
win7-20240220-en
Behavioral task
behavioral14
Sample
libsqlite3-0.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral15
Sample
trkop.vbs
Resource
win7-20240508-en
Behavioral task
behavioral16
Sample
trkop.vbs
Resource
win10v2004-20240426-en
Behavioral task
behavioral17
Sample
zapa.bat
Resource
win7-20240221-en
Behavioral task
behavioral18
Sample
zapa.bat
Resource
win10v2004-20240508-en
Behavioral task
behavioral19
Sample
zlib1.dll
Resource
win7-20240419-en
Behavioral task
behavioral20
Sample
zlib1.dll
Resource
win10v2004-20240508-en
Malware Config
Targets
Target
gpg.exe
Size
1.1MB
MD5
ffed73d78416e68f0af5eb9d539be746
SHA1
c4238312dde349c4f16505abe537e925cfeae1da
SHA256
a30c9de2a1317e9ac9da49bcf6b33c9dbd26724f70d4df6ae8fc4cc3449605ce
SHA512
45aaca162d844c8394c149eb4c272caf596b69c4f5351dc735b58b72e1033bc5ec2a945097ab1c8f13762dec68542d863afbc62b4f86da50bafb21766f594ca1
SSDEEP
24576:O7TNpt9OZUHFqL71sa/aqt95fb3POt49smQ19eFFZ7GrPPwz4baXgQnaFA:6TN8CFqtPrz3POt49ngF
Score
1/10
Target
gpgconf.exe
Size
147KB
MD5
dc02c87e65311abdfef34e8724f4e65b
SHA1
cc3d4b60cc98e0d61f4ecca41a227ae5c1cc764e
SHA256
626d1b4bed319a2a158c96a6a0fe147b2ea82566e50374c792c51648806801a2
SHA512
ee67910373081238e07a101568749f14bb3cc61d7fc9d1df71cc1944be74168f7bfe761d96073b6ab4555247bc821ae6b00cc4c39b07e93606399958aae6c93f
SSDEEP
3072:f6/73a4HykdUtKZTAJhyg4z/M1F6rnHlTvLErZspNo:f+OkdVzk1F6blTvL1
Score
1/10
Target
libassuan-0.dll
Size
77KB
MD5
baf6dcfd5eb06852939681f5209e9cdb
SHA1
36c6eb5e401d2c21fcbcb7bf833a41422e668469
SHA256
fc7a9a77d6bccb993185ebc71e8d223e698132f761aec65ab7590a7f028fb90b
SHA512
4bab1bad23df95c520dc40f6ccf9f11974aa895f0cfe7c9fb320caad5a2237aca695d23d0a06195325c4c3e19dc75d5aec7ee34a36bd7839a9c79bf3bdf95853
SSDEEP
1536:Atznsf5Dko+qtyNMoj6LXaq+FjCrBCBxYfJjvlbN+AL:AFgk0eMm62dcrBCvYfJlbNZ
Score
3/10
Target
libgcrypt-20.dll
Size
979KB
MD5
e7f12f3680f5150e29994a500d7c022f
SHA1
b0021e21d16c0dd5fcd7e067d828e7372d164873
SHA256
9f2862f520943aff5a1825a0fb92a4e98757dabe557c89e92cb24d0523905df4
SHA512
d7cd75ee6a7d16a6a16eff446ccecd60ed531903ddacae10081835f803ba69c9ed10cbcb2e17e262960e156b407b844cba3c5890a56f633c0b84d5e0ff005e62
SSDEEP
12288:PdETpCAy8RMKOsF0zIcG8GxEruMWkVyc25lPSd/uCf:1AQlsOzIcGJuruMWrc2XPSdt
Score
3/10
Target
libgpg-error-0.dll
Size
167KB
MD5
f00d0500d0e18f9cbbf24df4c867447f
SHA1
930c42e51296f9c706b683973d36b32401adea88
SHA256
2aef5c58f9454174d816729fce925919d8c5994a37f129288357bf8ec2b26783
SHA512
71f9d683ab1bbfe3ff247cdd2da99c29fdaf7c55489773aad58004ef853709d962de3f08f63b01bda3467366bf49eab4e86634e10837473446e9788df6d9682c
SSDEEP
3072:1VLFn1do/If9mvLJmVj+JP2xxFTTa6MpVf1JJKDo7wvQGxm8uNIW2A:vFn1db9mvLJmAurTaxVf1JJKDo7wvzxQ
Score
1/10
Target
libnpth-0.dll
Size
27KB
MD5
e132eccf9a1eac741c9e9806a143c475
SHA1
e5420ea0a935e32a6b4634756345aa3d2174cac5
SHA256
30362bd4c6d7d2bf23f76b2d23a64dfdb79f3dd3f32478e6247d31cf1de78fc7
SHA512
3ea415452dd3ee9d0571c3ecad32cac2f24895cfaf8756bb3543a9e193deb46edee8fd73c38b188b44dd296fabe7013d74dfd4ca02e3a4485f339e6c49a1ff05
SSDEEP
384:S4Io6T8B6ShjRWuU4JfSZ1kUMqurUfc1ckt+w0WhGGdBAVXIZTmGiWmrzsgWlsAb:FRxYkUJE0WdBAVXIriDrzw/
Score
1/10
Target
libsqlite3-0.dll
Size
795KB
MD5
3cdc28af73770e4a3068a47c094c73df
SHA1
f2ee14b5bd6f156a16def829e85fe4d5ad791dfd
SHA256
9d5d08972b624e5ef9cd9cef6e9fed21cca7972df624c3248992b96974afa3ae
SHA512
a055d712f4874d6239107e2ccbd751fd2de3d6a5db5e5f510e1e51b0a28591f60c56b0d0c11074308ad2afb6edae65d76c8318cbd8eac9278fe472fedc4479a6
SSDEEP
12288:58LF0+BcKh68H8vMwHvF/Jkbh84dQ64Jns0xmQak/lVTNRGwhP444dZIEqGw6KQc:KdBZ84Wq0xda4jhAZZzZtn/giGbfAK
Score
3/10
Target
trkop.vbs
Size
4KB
MD5
e709fe17f4e7f99292b8685ddd0a0a7c
SHA1
f7f05bd5b2b4c134577a375f4d3d29fda36fc146
SHA256
101f060edf89f4362ee6657acc110f88d3140090fb676620049a2407b503b837
SHA512
58a3df44e7123d84abe59be6af06587845157f3e75132c0c55b891cd911c77ab0fa958eb1c395c17d34fec02fc07af93b57aa3188cb4bb9f66a251a9b23b9647
SSDEEP
96:UgWBAP2GmFP5AI2IYAvk4yZxIe2H132Tes2X2nj2jW32p2eR2p52pvc272nRgu/b:UAPbmFPrKlZxLk3uesceKso2eRo5okGY
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Deletes itself
Target
zapa.bat
Size
494B
MD5
ef99b93eced6ca4bb4e1ea3406c46c8e
SHA1
2d5f1f4ce603a608ad709796dc94558a9d896d46
SHA256
7ce948f3b772b1829bf86cde37fa2f52916c5b1b5065b5207f7e1c2a423dd24e
SHA512
4ed77ef571aa7e5ba87e93e8bd7268026e78eccc5480c4fff787129c9ff273857b47986dea04273534d52ed99ec32a32d5bcbe131efbe768c6436eefd7ee6f08
Score
7/10
Deletes itself
Target
zlib1.dll
Size
99KB
MD5
caa9c3b04efe83d93a9e4cac94b8e4a9
SHA1
95499536603ea18daf9be781bd927908d8327ac4
SHA256
249221a372e83580fa03e789714117c709fc1ce55cb7372640895833916b9f04
SHA512
faf16f7941e7a4f8a1caa144b0f845c704d38420e3bf549cb8961089dc380d7b08ebf347934366a2ec9b42c69d32e5ac675d56dbed6ebe029cafc2c23410b3b3
SSDEEP
1536:bON+QZJpRJ1glrdXOW0nTEDIptmwRh4p1nToIf6IOqIOqIF4qY+O:0HpRkXOlsIpkwYdTBfI4qIF4qY+O
Score
3/10