Extracted

Extracted

• • Target

    8c7fc6b38e8f927f2a8e8888bbc3545c_JaffaCakes118

  • Size

    484KB

  • MD5

    8c7fc6b38e8f927f2a8e8888bbc3545c

  • SHA1

    b017d494790f3862a6851919f981e25dab8eebaa

  • SHA256

    ddc22b54761307cf1af200cbbfdedc44bb76aa3d876155c6570b1729a7eaaa57

  • SHA512

    7792e9b8029040eff7c7bb71cba4d938f7a6464276311adb5fd443ebbdafcb3533d7c120cfbab9ecd6b7e30762c37c5b3af1844f2b03db0cf6732a5dd02d0fad

  • SSDEEP

    6144:0utAHuAX1/7zv+Ul4s/KFxhNDPPHf2TNhOAL68v6RD/Nqr49Jr:0xHu4/H6xhtPPHf2JhTxvU/4rI

  Score

  10^/10

  teslacryptdefense_evasionexecutionimpactpersistenceransomwarespywarestealer

  • TeslaCrypt, AlphaCrypt

    Ransomware based on CryptoLocker. Shut down by the developers in 2016.

    ransomwareteslacrypt

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Renames multiple (421) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Drops startup file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence
  behavioral1behavioral2