Overview

overview

10

Static

static

10

25072c88a3...18.exe

windows7-x64

9

25072c88a3...18.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    25072c88a3a9820ed4496db76b23554f_JaffaCakes118

  • Size

    12KB

  • Sample

    241008-zahzvstcmq

  • MD5

    25072c88a3a9820ed4496db76b23554f

  • SHA1

    9d69236052d8fb277f1a8de8f688ad9115dd1635

  • SHA256

    7a7ff70232ace931e089caa1a518439fb7d8c696f78ad962bb727d75ee4a0da9

  • SHA512

    ab1b6d691a683d7620818d92aac2fc05dfefe45fa93a1e5823f6fa69e39a465337aacd713ac51c0f89a3ade072247d499478b86a9fc0ccdabf64b1fb2a97cee3

  • SSDEEP

    192:J/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjaGpsHcxUw4h+lfPtRMCZgWOS9e:JebFNw4Pk1itKkpAjjJs6B40WCyWOH

Score
10/10
xoristdiscoverypersistenceransomwarespywarestealer

Malware Config

Targets

    • Target

      25072c88a3a9820ed4496db76b23554f_JaffaCakes118

    • Size

      12KB

    • MD5

      25072c88a3a9820ed4496db76b23554f

    • SHA1

      9d69236052d8fb277f1a8de8f688ad9115dd1635

    • SHA256

      7a7ff70232ace931e089caa1a518439fb7d8c696f78ad962bb727d75ee4a0da9

    • SHA512

      ab1b6d691a683d7620818d92aac2fc05dfefe45fa93a1e5823f6fa69e39a465337aacd713ac51c0f89a3ade072247d499478b86a9fc0ccdabf64b1fb2a97cee3

    • SSDEEP

      192:J/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjaGpsHcxUw4h+lfPtRMCZgWOS9e:JebFNw4Pk1itKkpAjjJs6B40WCyWOH

    Score
    9/10
    discoverypersistenceransomwarespywarestealer

    • Renames multiple (2221) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Drops file in Drivers directory

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks