General

  • Target

    3c8acc38feb67f0dd453387356e8b825_JaffaCakes118

  • Size

    14KB

  • Sample

    241012-28re1awhnb

  • MD5

    3c8acc38feb67f0dd453387356e8b825

  • SHA1

    b2eed31398235e0932aa845d94de886677e95e49

  • SHA256

    37c6cf387efb056c47933bcf3791c2e929cef8e2c2192a2c5295e53bf81c62e9

  • SHA512

    4344f823c67534e9e99c5e44b7b8c92efe65694d40a16a03fa5d2aaf31dd6b5bbf1ab635a7f3b9b95bde533aeaf736c61cebb434309b0f0958b59cc0c6424b51

  • SSDEEP

    384:WpZrQ4S9p3hi6Pre6yhEH9/xJJ0l+4q8Hz68arF:Wvvti9xEVT6pF

Malware Config

Targets

    • Renames multiple (2618) files with added filename extension

      This is consistent with ransomware behaviour, i.e. encrypting files across the system and appending an extension to each.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing (restricting execution to or excluding certain regions).

    • Deletes itself

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and other sensitive profile contents.

MITRE ATT&CK Enterprise v15

Tasks