General

  • Target

    4ce49104669a72c89847cbe9de7afd43_JaffaCakes118

  • Size

    18KB

  • Sample

    241016-pwcpvszdrc

  • MD5

    4ce49104669a72c89847cbe9de7afd43

  • SHA1

    4ad49b25e07e511b29444e36ceeec82b1ed72501

  • SHA256

    b43faab5a16b2328eb0a5e21a36a3b76ee90bb2d95d3bb2336f14209b49e8f26

  • SHA512

    028e4d47f41bfd10730ed3d06d1f59f1811f8758f6cd50aa358eb311e733d4e2237191277bc1df860bb5bc7fcb89e28a1da62d211931c1cf049c1ae404830772

  • SSDEEP

    384:OebFNw4Pk1itKkpAjjI2YpdmdVEVg48JrX:O0FmBkpKjPYpyFX

Malware Config

Targets

    • Renames multiple (2198) files with added filename extension

      This suggests ransomware activity: the files across the system are being encrypted and renamed.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks