General

  • Target: 3092c202df19f79307196091b81c323e_JaffaCakes118

  • Size: 27KB

  • Sample: 241010-stnwwssejh

  • MD5: 3092c202df19f79307196091b81c323e

  • SHA1: 20945dd8212f50769809bd7e11095a0c34d5a55d

  • SHA256: ebd1ed6e81cbea1c8f6622d44b41b29f410ffde344110fe8e7c47930f0575326

  • SHA512: e168c1632bd44e3ab12ce5f9403475134cfb0abf12e7c190738ad4efb875e792fb81ba18fd69b9a20f1bd4761330abe5eab643131c27bdbcca9fdac38f6f70a8

  • SSDEEP: 384:OebFNw4Pk1itKkpAjjI2YpdmjfE7fffTffsxajTdZRuXJei:O0FmBkpKjPYpqE7fffTffRZRu

Malware Config

Targets

    • Target: 3092c202df19f79307196091b81c323e_JaffaCakes118

    • Renames multiple (2201) files with added filename extension

      Appending a new extension to thousands of files is consistent with ransomware encrypting the files on the system.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks