General

  • Target: 16c6001adf54919593915488e225947b_JaffaCakes118
  • Size: 12KB
  • Sample: 241005-jhysaaxeng
  • MD5: 16c6001adf54919593915488e225947b
  • SHA1: 8cfef41db89c68a74df25259f2f2d02cdd35053c
  • SHA256: 6cc5dde0b431c0c8cacf059979ba8218085b8a7a650ade8f3c4393185dfcbb93
  • SHA512: 807bb2774f242bd381ba93d132db9eee9008cae433dd2b9a1ae1335741675da2266a67aa1c871899a76f73db2466b3a49dc609230583aba4fdf333486269ed08
  • SSDEEP: 192:e/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRMGgMoK7Cc:eebFNw4Pk1itKkpAjjI2YpdmGX7t

Targets

  • Renames multiple (2201) files with added filename extension

    This suggests ransomware activity: encrypting all the files on the system.

  • Drops file in Drivers directory

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

  • Adds Run key to start application

  • Drops file in System32 directory
