Overview

overview

10

Static

static

10

29f9edc47d...18.exe

windows7-x64

9

29f9edc47d...18.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118

  • Size

    12KB

  • Sample

    241009-d1dl6szhjr

  • MD5

    29f9edc47d72ac96df4a3ea87aad702f

  • SHA1

    0a4efa8625493e2219a13886aee39d6e41e41fd2

  • SHA256

    04415787392af016733a5dc1ee307d9295822db1f1eba59c49eaff8e54c63c2e

  • SHA512

    28e6f3a3dac134d9dc6c97e6d69340d72fb882a0e67c1cb0aeb625d2d80410b8b1f89d2b0b9ba63d40d08a5feee3d0d07ccffd545f85729308be49bf61d6f626

  • SSDEEP

    192:e/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRMwHPab:eebFNw4Pk1itKkpAjjI2YpdmwHy

Score
10/10
xoristdiscoverypersistenceransomwarespywarestealer

Malware Config

Targets

    • Target

      29f9edc47d72ac96df4a3ea87aad702f_JaffaCakes118

    • Size

      12KB

    • MD5

      29f9edc47d72ac96df4a3ea87aad702f

    • SHA1

      0a4efa8625493e2219a13886aee39d6e41e41fd2

    • SHA256

      04415787392af016733a5dc1ee307d9295822db1f1eba59c49eaff8e54c63c2e

    • SHA512

      28e6f3a3dac134d9dc6c97e6d69340d72fb882a0e67c1cb0aeb625d2d80410b8b1f89d2b0b9ba63d40d08a5feee3d0d07ccffd545f85729308be49bf61d6f626

    • SSDEEP

      192:e/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRMwHPab:eebFNw4Pk1itKkpAjjI2YpdmwHy

    Score
    9/10
    discoverypersistenceransomwarespywarestealer

    • Renames multiple (2204) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Drops file in Drivers directory

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks