General
-
Target
d54e43c271a8d379e2c77b9902ede544_JaffaCakes118
-
Size
184KB
-
Sample
240908-3qcdsstend
-
MD5
d54e43c271a8d379e2c77b9902ede544
-
SHA1
9d46aa0d4621335fb1a8496564f64f5a7edf1b4e
-
SHA256
998ff68cb64a06a233007f450b9156dfed770cc4cf6321e0e2ac2400db1be281
-
SHA512
5e75c52914f83676a36d505834754447ac0c86dc2bfba454cb4e6de9dea1289f0ba32253bc7036dc90ef1181e9bb6fea03b81a88adced295192bc2ac04b9ddba
-
SSDEEP
3072:HnIBtQnE7OhssdWJ5jy392aCmCbBqOS2zxLLjD6+s3WTe0K+cnJJUwlJQ4AX40bJ:Cqvhssdu5jyYaCmCQOS2z4f3WI+cJKwo
Static task
static1
Behavioral task
behavioral1
Sample
d54e43c271a8d379e2c77b9902ede544_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
d54e43c271a8d379e2c77b9902ede544_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
Target
d54e43c271a8d379e2c77b9902ede544_JaffaCakes118
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-