1909159c63936435fe8ce2314df44967565a69c80598e6cd793da9822d5b45a4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

675016b141e6cacd65602b49878a8fc5_JaffaCakes118
Size

156KB
Sample

240723-m4l76ascrh
MD5

675016b141e6cacd65602b49878a8fc5
SHA1

9157bbd646455a13d4c69483c98101c752989d31
SHA256

1909159c63936435fe8ce2314df44967565a69c80598e6cd793da9822d5b45a4
SHA512

488c268f76e1dd64c0afa9d1fdc6f4ff2f3a5a58d65155c33204186eba3245e590be21f6b2e56ccee0e1923763e2ffd06fd298ed1e636441f958f1907b226b10
SSDEEP

3072:Lf2NJlrelZSlwHvmTKcfhjFtyot72V118CZMQC+1yo:KJlqluwmG+5ootS18CZMQJ1yo

Score

9^/10

persistence ransomware spyware stealer

Malware Config

Targets

- Target
  
  675016b141e6cacd65602b49878a8fc5_JaffaCakes118
- Size
  
  156KB
- MD5
  
  675016b141e6cacd65602b49878a8fc5
- SHA1
  
  9157bbd646455a13d4c69483c98101c752989d31
- SHA256
  
  1909159c63936435fe8ce2314df44967565a69c80598e6cd793da9822d5b45a4
- SHA512
  
  488c268f76e1dd64c0afa9d1fdc6f4ff2f3a5a58d65155c33204186eba3245e590be21f6b2e56ccee0e1923763e2ffd06fd298ed1e636441f958f1907b226b10
- SSDEEP
  
  3072:Lf2NJlrelZSlwHvmTKcfhjFtyot72V118CZMQC+1yo:KJlqluwmG+5ootS18CZMQJ1yo
Score

9^/10

persistence ransomware spyware stealer
- Renames multiple (176) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Drops file in Drivers directory
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistenceransomwarespywarestealer

behavioral2

persistenceransomwarespywarestealer