Overview

overview

9

Static

static

3

084775cdbf...18.exe

windows7-x64

9

084775cdbf...18.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    084775cdbfe7f93941d1066986289090_JaffaCakes118

  • Size

    131KB

  • Sample

    241002-b1b28svaqe

  • MD5

    084775cdbfe7f93941d1066986289090

  • SHA1

    515240bff4df8e5915ac65285868ae00bea11e55

  • SHA256

    349cbbd86457d458895c5244a2c4fdbd1725fbfe1234ff58265c435748f9eb1b

  • SHA512

    ee3594eeea7a7760f66839a19e31953121066066461fd16a8088f621f55df4ee1cf4a9b1f11857b9cf384d58cc4a965630e316fbfbb06995a40696063a2f73e2

  • SSDEEP

    3072:ECmzzdcTtDRgEorpwbVLuP4l9WV1oqCgQfBUnPy8LDVBBh:EbOTttgTrayP4l9WV1oqCgQfBUPy8LDL

Score
9/10
defense_evasiondiscoveryexecutionimpactpersistenceransomware

Malware Config

Targets

    • Target

      084775cdbfe7f93941d1066986289090_JaffaCakes118

    • Size

      131KB

    • MD5

      084775cdbfe7f93941d1066986289090

    • SHA1

      515240bff4df8e5915ac65285868ae00bea11e55

    • SHA256

      349cbbd86457d458895c5244a2c4fdbd1725fbfe1234ff58265c435748f9eb1b

    • SHA512

      ee3594eeea7a7760f66839a19e31953121066066461fd16a8088f621f55df4ee1cf4a9b1f11857b9cf384d58cc4a965630e316fbfbb06995a40696063a2f73e2

    • SSDEEP

      3072:ECmzzdcTtDRgEorpwbVLuP4l9WV1oqCgQfBUnPy8LDVBBh:EbOTttgTrayP4l9WV1oqCgQfBUPy8LDL

    Score
    9/10
    defense_evasiondiscoveryexecutionimpactpersistenceransomware

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomwaredefense_evasionimpactexecution

    • Drops startup file

    • Adds Run key to start application

      persistence

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks