General

  • Target

    4e7339f4f37cb50e00c6860979b28d8a_JaffaCakes118

  • Size

    271KB

  • Sample

    241016-xhb56szdnj

  • MD5

    4e7339f4f37cb50e00c6860979b28d8a

  • SHA1

    bc13410272c11732bb46755359a375c0f72adb3e

  • SHA256

    77659c50068e91462ede865d545e22cd1641e2f0af5fd7acf2026d22634ac024

  • SHA512

    c47af4e358ee7af84f70115bea4c1dc7f2d85b03b2cb77a76988f2d76e853b483633f3b71c1ce0b45ef2484776b01838d8db63829893fbfbea17efbe1b490248

  • SSDEEP

    3072:23/j+bW8akm1PFKoUS6ycFZ+E50G5NsrKJv5hPgge0GBsZ70Bw5q6DPx6+QXVjCp:2Ps+rKvzFZ+kx59PgWGWnD/UL4xMQP

Targets

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Drops startup file

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
