General

  • Target

    47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118

  • Size

    5.9MB

  • Sample

    241015-n8pphsxcpm

  • MD5

    47b4c6909ea7ebce5dd941330c7c71fd

  • SHA1

    cffc9e1dd3d86482859afacd273c5a803e8b774a

  • SHA256

    035576c925cc6753d2f0d3e0e082f0b020beb962e20fe4952d0723ba75dac0dc

  • SHA512

    f8324e9ddf6ff738046085f5b28350cfb664e2e7d4bc7d09a28b5995315d4709ae451da4802d1d1aa2ce1d9398e05601bdeddcdc49d857602be33825cfbadd9e

  • SSDEEP

    1536:AOhiB+gx9dAVvu4+ZC4pKcCOLad2IK1LLLT6yAMxhgnc9YFIlBW+Rkha2yK25g66:R

Targets

    • Renames multiple (2150) files with added filename extension

      This suggests ransomware activity, i.e. encrypting all the files on the system.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry
