General
-
Target
102c9d8d99c9f453053d1f49620df11f_JaffaCakes118
-
Size
802KB
-
Sample
241003-xqsg5a1glm
-
MD5
102c9d8d99c9f453053d1f49620df11f
-
SHA1
47ab2f2f660832e3a38f6dee882431a5a2404729
-
SHA256
cdaf240960ef6c5d9b81b9843bafaa56700e8fa848dca85cb401061d22f5ec27
-
SHA512
adbe66cb6be6cbc082cda769caed32bd8bd8c514dfc229c54ea173385cfa4ff713b60327f550e27229732f2c1382e0038fe40c8ba16a5d0f5d44314a3a70a04e
-
SSDEEP
12288:FgORozerFqm6tU2L6kwt0Z9YlU+iyKAqYpBuT+ZlI4O3dRvUC8yr3e9JKjv6JfPf:FZRFxVYJL7jYlU3vAqYphHcLmwCdSRkj
Malware Config
Extracted
C:\ProgramData\pjhsmgj.html
http://tmc2ybfqzgkaeilm.onion.cab
http://tmc2ybfqzgkaeilm.tor2web.org
http://tmc2ybfqzgkaeilm.onion
Targets
-
-
Target
102c9d8d99c9f453053d1f49620df11f_JaffaCakes118
-
Size
802KB
-
MD5
102c9d8d99c9f453053d1f49620df11f
-
SHA1
47ab2f2f660832e3a38f6dee882431a5a2404729
-
SHA256
cdaf240960ef6c5d9b81b9843bafaa56700e8fa848dca85cb401061d22f5ec27
-
SHA512
adbe66cb6be6cbc082cda769caed32bd8bd8c514dfc229c54ea173385cfa4ff713b60327f550e27229732f2c1382e0038fe40c8ba16a5d0f5d44314a3a70a04e
-
SSDEEP
12288:FgORozerFqm6tU2L6kwt0Z9YlU+iyKAqYpBuT+ZlI4O3dRvUC8yr3e9JKjv6JfPf:FZRFxVYJL7jYlU3vAqYphHcLmwCdSRkj
Score10/10-
CTB-Locker
Ransomware family which uses Tor to hide its C2 communications.
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/UserInfo.dll
-
Size
4KB
-
MD5
d9a3fc12d56726dde60c1ead1df366f7
-
SHA1
f531768159c14f07ac896437445652b33750a237
-
SHA256
401f1a02000ff7cf9853d964dcba77e6f0fa8e57256b11ed3c01171d7a97388a
-
SHA512
6b06e3446df419151dd20cdb1d9c595fe9fb0972e7dfc50dadeea9f868d8ef0cd4cefcb18c7ebfc0d2a3e9171f8aa1f9fe762f54c374667f6060e8ce7e845f51
Score3/10 -
-
-
Target
$PLUGINSDIR/coelenterates.dll
-
Size
382KB
-
MD5
f2ce2e755d4f18546550ae4a7f2a6626
-
SHA1
2d4c874c00dc8006a75bd8e700d77952a08d101f
-
SHA256
aa237a70b8b8c08f00bb26fa5c9529b2a41e20222c18d40244459baad2fed3c7
-
SHA512
5cb452aaf18ee58bb49fd03581c58f8edd5d9c9c087f95b29638069c6fa5ea08999fc29bee8c95d3f346e979a9fa42f59a01e41f1019c5ea58725ef2567e9855
-
SSDEEP
6144:Vv/FxTWxCtqpFpoHJKP9THXKyRo95uTLfkcvd4HIReF:5/FxTWE8pFpopKP1X3RUALHvd4oI
Score3/10 -