e0917bf89d0ec9b988f56dfc4637a7c6fe891823f1e38537c641c3bfd0800107 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

96a657e39e49deb017c8d56b3744f55c_JaffaCakes118
Size

468KB
Sample

240814-stb74avarj
MD5

96a657e39e49deb017c8d56b3744f55c
SHA1

cc86eb4f1c07f5fa6bf85618dd87479d16c3eff0
SHA256

e0917bf89d0ec9b988f56dfc4637a7c6fe891823f1e38537c641c3bfd0800107
SHA512

d05a5b95b6de7e4916b9ddd8591d79221761956142f3198e5008cfce828a72a91f7f8dd43f6da2d759e16c2963e422cca54d2145d79bd74f1afa9f816b0945a7
SSDEEP

1536:G3PCCooceTgUTMHxKbWnl9KaaUGbzAdwl9XKbWfUTMHx5Coocel:G3PpTT7TMRKilI3HzKeBKisTMR+Tl

Score

9^/10

discovery evasion persistence ransomware spyware stealer

Malware Config

Targets

- Target
  
  96a657e39e49deb017c8d56b3744f55c_JaffaCakes118
- Size
  
  468KB
- MD5
  
  96a657e39e49deb017c8d56b3744f55c
- SHA1
  
  cc86eb4f1c07f5fa6bf85618dd87479d16c3eff0
- SHA256
  
  e0917bf89d0ec9b988f56dfc4637a7c6fe891823f1e38537c641c3bfd0800107
- SHA512
  
  d05a5b95b6de7e4916b9ddd8591d79221761956142f3198e5008cfce828a72a91f7f8dd43f6da2d759e16c2963e422cca54d2145d79bd74f1afa9f816b0945a7
- SSDEEP
  
  1536:G3PCCooceTgUTMHxKbWnl9KaaUGbzAdwl9XKbWfUTMHx5Coocel:G3PpTT7TMRKilI3HzKeBKisTMR+Tl
Score

9^/10

discovery evasion persistence ransomware spyware stealer
- Renames multiple (226) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceransomwarespywarestealer

behavioral2

discoveryransomware