General

  • Target: 70b0fe3702cbab6ab0c09a775fd6b539_JaffaCakes118

  • Size: 796KB

  • Sample: 240525-ds1rqscg73

  • MD5: 70b0fe3702cbab6ab0c09a775fd6b539

  • SHA1: 6b99372b8cc4ceb8ef678c74653e1471f69bc53f

  • SHA256: 5d8a701110d58ab7c1aa8bae6bc9d5358b8cd508115891320e6af6c68f3bbd74

  • SHA512: 8cbbfe51f93de5c8a075c7a031867a2f5e7b7681aff709b89008f276c9aa5fe74e3fc6865a0fc28550d3a2ec9892de3c5539dfd9b06ab938dcc2ed2e1cc3fd8c

  • SSDEEP: 12288:B6bzpTWdzHkaPqtzDQmSKebtX+74EXuJpZFuk+2YeEbv0BP78B:B6h9hzDQnE8SxeEb0Bg

Malware Config

Targets

    • Renames multiple (8017) files with an added filename extension

      This suggests ransomware activity: the sample is encrypting the files on the system and renaming each one.

    • Dave packer

      Detects an executable packed with the packer the community has named 'Dave', based on a string at the end of the file.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v15

Tasks