ca951f7c540941ee4be8a9284d30150ecef411107a0e62249a5f9954c1297ca5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

66c96f2681a0979f28995f9eb864f715_JaffaCakes118
Size

175KB
Sample

240723-j321fawcqf
MD5

66c96f2681a0979f28995f9eb864f715
SHA1

e227cf15087bf98c588de3ee1b38c450b7b259b1
SHA256

ca951f7c540941ee4be8a9284d30150ecef411107a0e62249a5f9954c1297ca5
SHA512

664a667f51d7699f1b66091d5674b495b7c7bb6913b821d7c8d642ef2b2403611b27abf6c49fa3527347964512d61793901d8dbd1ed859eba9fb2e8834a9e161
SSDEEP

3072:mMkcPTF6QV8HNBBYiTpXEq7ndNiDDdwcwqKSncs4lzBAJ2BP+z1Sa2:5kcRwHNBBYsrnLiDDKTs4lmJ2BP+hSa2

Score

9^/10

persistence ransomware spyware stealer

Malware Config

Targets

- Target
  
  66c96f2681a0979f28995f9eb864f715_JaffaCakes118
- Size
  
  175KB
- MD5
  
  66c96f2681a0979f28995f9eb864f715
- SHA1
  
  e227cf15087bf98c588de3ee1b38c450b7b259b1
- SHA256
  
  ca951f7c540941ee4be8a9284d30150ecef411107a0e62249a5f9954c1297ca5
- SHA512
  
  664a667f51d7699f1b66091d5674b495b7c7bb6913b821d7c8d642ef2b2403611b27abf6c49fa3527347964512d61793901d8dbd1ed859eba9fb2e8834a9e161
- SSDEEP
  
  3072:mMkcPTF6QV8HNBBYiTpXEq7ndNiDDdwcwqKSncs4lzBAJ2BP+z1Sa2:5kcRwHNBBYsrnLiDDKTs4lmJ2BP+hSa2
Score

9^/10

persistence ransomware spyware stealer
- Renames multiple (175) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistenceransomwarespywarestealer

behavioral2

persistenceransomwarespywarestealer