General
-
Target
ab99ec54288b827051a58ce498b5c53c_JaffaCakes118
-
Size
11.0MB
-
Sample
240819-s51ptssfld
-
MD5
ab99ec54288b827051a58ce498b5c53c
-
SHA1
9f80b7e76f4314eab482e95042dd8ad2f4c0bcb5
-
SHA256
b244a7ceb423e9bb387b27289b67d6e6a75cbbebf455de16d6d745caa040561f
-
SHA512
39280818b7dd94f2336747087ffa6c1e9ecd5b0910581be165b9c30d600326211b4ca701b8ca14a32c289c04f16799fd4cd148f4fea1e5f9db274e356d7d81ad
-
SSDEEP
98304:iE20IMzKpXOMGsIMzKpXOMGQ5IMzKpXOMGQTIMzKpXOMe:in0I2l6I2ly5I2lyTI2lN
Malware Config
Targets
-
-
Target
ab99ec54288b827051a58ce498b5c53c_JaffaCakes118
-
Size
11.0MB
-
MD5
ab99ec54288b827051a58ce498b5c53c
-
SHA1
9f80b7e76f4314eab482e95042dd8ad2f4c0bcb5
-
SHA256
b244a7ceb423e9bb387b27289b67d6e6a75cbbebf455de16d6d745caa040561f
-
SHA512
39280818b7dd94f2336747087ffa6c1e9ecd5b0910581be165b9c30d600326211b4ca701b8ca14a32c289c04f16799fd4cd148f4fea1e5f9db274e356d7d81ad
-
SSDEEP
98304:iE20IMzKpXOMGsIMzKpXOMGQ5IMzKpXOMGQTIMzKpXOMe:in0I2l6I2ly5I2lyTI2lN
Score10/10-
Modifies WinLogon for persistence
-
Renames multiple (91) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-