General

  • Target

    237fc303a9a0e0597c37879d8f88b88f_JaffaCakes118

  • Size

    12KB

  • Sample

    241008-w7fzzswbng

  • MD5

    237fc303a9a0e0597c37879d8f88b88f

  • SHA1

    64afc6aa30a86b91408a098381d19b9391475a66

  • SHA256

    fd49e6fdfa73836aec606daa864204bd6af1227af7d51a326be17c871c6c8dd3

  • SHA512

    a7f7bcbd3dada653459d3ac9164da43e98e1d8d884826a60596c75a36128dcd62bb37b428599043b8c40dd470c601f1851b267b05c16977368fbd902116073e6

  • SSDEEP

    192:e/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRMCzU:eebFNw4Pk1itKkpAjjI2YpdmC

Targets

    • Renames multiple (2206) files with added filename extension

      This suggests ransomware activity: the sample is encrypting files across the system.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory