General
-
Target
ee98af6625db71981750d105c4950849_JaffaCakes118
-
Size
991KB
-
Sample
240920-2yc5matarj
-
MD5
ee98af6625db71981750d105c4950849
-
SHA1
a5a8d37ca219a08020c42c13b3fd0c615904e2e1
-
SHA256
ec4cd1b7ee4220b41cc739fdeafe4abef736b63942de482c2dac35bd5de7864d
-
SHA512
371e94baed164e451140c9c4f5c8774f85e387a1975c1fbfab509e126c74daa7b286e82a9da5d04ada78e8a148dac24c1d3b8b2f7db58caeed18f941fecb0de2
-
SSDEEP
24576:TEtl9mRda1cSGB2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtlRXZ+CP63n0NuJv7:oEs1h5
Malware Config
Targets
-
-
Target
ee98af6625db71981750d105c4950849_JaffaCakes118
-
Size
991KB
-
MD5
ee98af6625db71981750d105c4950849
-
SHA1
a5a8d37ca219a08020c42c13b3fd0c615904e2e1
-
SHA256
ec4cd1b7ee4220b41cc739fdeafe4abef736b63942de482c2dac35bd5de7864d
-
SHA512
371e94baed164e451140c9c4f5c8774f85e387a1975c1fbfab509e126c74daa7b286e82a9da5d04ada78e8a148dac24c1d3b8b2f7db58caeed18f941fecb0de2
-
SSDEEP
24576:TEtl9mRda1cSGB2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtlRXZ+CP63n0NuJv7:oEs1h5
Score10/10-
Modifies WinLogon for persistence
-
Renames multiple (91) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-