Overview

overview

10

Static

static

10

0ac9c6feed...18.exe

windows7-x64

9

0ac9c6feed...18.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0ac9c6feed95426d6d3ec9cae396baed_JaffaCakes118

  • Size

    12KB

  • Sample

    241002-p82vhsxclr

  • MD5

    0ac9c6feed95426d6d3ec9cae396baed

  • SHA1

    8285db1c3d05bbacc18e6851f6163732d9c87f84

  • SHA256

    df35e9e1d54768fd864ba8f9a74b0cacf9e1420845168cef71caae7ce677050c

  • SHA512

    7fff66e160b3e9ad430bd518874bb5d6d314c90c1e91e8d404f44fb132d3b749c51d698383042f22be1e1baadb375e229d77fa7026e149480d4afd25552730da

  • SSDEEP

    192:J/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjaGpsHcxUw4h+lfPtRMCZgWOS9Y:JebFNw4Pk1itKkpAjjJs6B40WCyWOh

Score
10/10
xoristdiscoverypersistenceransomwarespywarestealer

Malware Config

Targets

    • Target

      0ac9c6feed95426d6d3ec9cae396baed_JaffaCakes118

    • Size

      12KB

    • MD5

      0ac9c6feed95426d6d3ec9cae396baed

    • SHA1

      8285db1c3d05bbacc18e6851f6163732d9c87f84

    • SHA256

      df35e9e1d54768fd864ba8f9a74b0cacf9e1420845168cef71caae7ce677050c

    • SHA512

      7fff66e160b3e9ad430bd518874bb5d6d314c90c1e91e8d404f44fb132d3b749c51d698383042f22be1e1baadb375e229d77fa7026e149480d4afd25552730da

    • SSDEEP

      192:J/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjaGpsHcxUw4h+lfPtRMCZgWOS9Y:JebFNw4Pk1itKkpAjjJs6B40WCyWOh

    Score
    9/10
    discoverypersistenceransomwarespywarestealer

    • Renames multiple (2207) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Drops file in Drivers directory

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks