General

  • Target

    4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118

  • Size

    12KB

  • Sample

    241016-vnahesvdrl

  • MD5

    4e061044f7012bf4b7f5059f110bf5c9

  • SHA1

    b205d7efe6aa7cb12453b43a06821e886d1659da

  • SHA256

    c92d64719fa71188cc8a774cfa71f5a5c4526b279b588a4668fc6be2ae2e42d8

  • SHA512

    839c936b275d6f114871157cfcf69ef4ee93ab04f8665fc8e89abc4f399a90e09665e2add0e28fc8885ae3a437a9fd32987166ad0aea3cb512b1f72c52e2080c

  • SSDEEP

    192:G/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRMNP3ciaff:GebFNw4Pk1itKkpAjjI2YpdmNPsi

Malware Config

Targets

    • Target

      4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118

    • Size

      12KB

    • MD5

      4e061044f7012bf4b7f5059f110bf5c9

    • SHA1

      b205d7efe6aa7cb12453b43a06821e886d1659da

    • SHA256

      c92d64719fa71188cc8a774cfa71f5a5c4526b279b588a4668fc6be2ae2e42d8

    • SHA512

      839c936b275d6f114871157cfcf69ef4ee93ab04f8665fc8e89abc4f399a90e09665e2add0e28fc8885ae3a437a9fd32987166ad0aea3cb512b1f72c52e2080c

    • SSDEEP

      192:G/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRMNP3ciaff:GebFNw4Pk1itKkpAjjI2YpdmNPsi

    • Renames multiple (2526) files with added filename extension

      This suggests ransomware activity: the sample is encrypting all the files on the system.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks