General
-
Target
8b2ca8a838aa48b3bf2ead558613e2f2_JaffaCakes118
-
Size
841KB
-
Sample
240601-vts7qahe4y
-
MD5
8b2ca8a838aa48b3bf2ead558613e2f2
-
SHA1
da60316b1438ab05cde81c5afe8b50750f044031
-
SHA256
b6090311151750643b221bf5850ff84e7e070207d8363253073ff950949b7f64
-
SHA512
6b84c55eca3a83cdd82e5194625046a1d9f0d0ccff2d96693a4d88726e78f58fbab3f99ecfe7f1db5e34bae650055b19003002d2b2743784fb9a5dd47a96a5ad
-
SSDEEP
6144:9bizlGGu5kl+aJPUiMMSkOF0zQkXKujhwKbmTG9GLRCMzVnvEeg+rIaTXQMzqnh:9biRGGeGJPUtEjz8FLRCiVnvEe/rU
Static task
static1
Behavioral task
behavioral1
Sample
8b2ca8a838aa48b3bf2ead558613e2f2_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
8b2ca8a838aa48b3bf2ead558613e2f2_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
Target
8b2ca8a838aa48b3bf2ead558613e2f2_JaffaCakes118
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-