General

  • Target

    1c5eebf711526f07eafc4028c9a61ff1_JaffaCakes118

  • Size

    12KB

  • Sample

    241007-jx55xaydra

  • MD5

    1c5eebf711526f07eafc4028c9a61ff1

  • SHA1

    8fac4cdebf2f939fb42580a6ffc680f132274389

  • SHA256

    13a1432fdda3d32060f5247a070c1c4cd1adfa76963fb476e9ab7688a8c8e7ea

  • SHA512

    8ac6d57417727805d74351b175ae074173df59950f2867d7676698b00fb1ad7505e46a8f201b97420b9f7266cdbc7fbe77c08649941a367e9f646b0ed0a4c3cc

  • SSDEEP

    192:e/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRMCDwys76:eebFNw4Pk1itKkpAjjI2YpdmCDZ

Targets

    • Renames multiple (2198) files with added filename extension

      Appending a new extension to a large number of files is characteristic of ransomware encrypting the files on the system.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory
