General
- Target: 83366122929164c8f35fccad65a2f7b0_JaffaCakes118
- Size: 183KB
- Sample: 240530-gkk8vshf82
- MD5: 83366122929164c8f35fccad65a2f7b0
- SHA1: ca6ea17dd6e85ebf638546b967e535995f5fe58c
- SHA256: 762767ec5af85af701088d29480b761fe53275c340734b99050500b18a065ae5
- SHA512: 0d3ad8799e36bd94781208637515c4d9351b4c75aaf82ed3cf2f16b946446357024eaf7ff255b88a0e9e33c1e3f7725deb66990519ed63d125303edb082d3243
- SSDEEP: 3072:n/BIkrLUkMZ2m7ksIS/bOpd5kyqdGev7:n/BIkfUV27sFbONkn
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 83366122929164c8f35fccad65a2f7b0_JaffaCakes118.exe
  - Resource: win7-20240221-en

Behavioral task
- behavioral2
  - Sample: 83366122929164c8f35fccad65a2f7b0_JaffaCakes118.exe
  - Resource: win10v2004-20240508-en
Malware Config

Extracted
- Path: F:\$RECYCLE.BIN\S-1-5-21-330940541-141609230-1670313778-1000\BWCLKMXN-MANUAL.txt
- Family: gandcrab
- URL: http://gandcrabmfe6mnef.onion/244ce4abd72ced48

Extracted
- Path: C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\XOJZHFWCA-MANUAL.txt
- Family: gandcrab
- URL: http://gandcrabmfe6mnef.onion/1096be7afce866af
Targets
- 83366122929164c8f35fccad65a2f7b0_JaffaCakes118 (183KB; hashes identical to those listed under General above)
- Deletes shadow copies: ransomware often targets backup files to inhibit system recovery.
- Renames multiple (289) files with added filename extension: this suggests ransomware activity, i.e. encrypting all the files on the system.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file.
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using the registry.