General
-
Target
4e7339f4f37cb50e00c6860979b28d8a_JaffaCakes118
-
Size
271KB
-
Sample
241016-xhb56szdnj
-
MD5
4e7339f4f37cb50e00c6860979b28d8a
-
SHA1
bc13410272c11732bb46755359a375c0f72adb3e
-
SHA256
77659c50068e91462ede865d545e22cd1641e2f0af5fd7acf2026d22634ac024
-
SHA512
c47af4e358ee7af84f70115bea4c1dc7f2d85b03b2cb77a76988f2d76e853b483633f3b71c1ce0b45ef2484776b01838d8db63829893fbfbea17efbe1b490248
-
SSDEEP
3072:23/j+bW8akm1PFKoUS6ycFZ+E50G5NsrKJv5hPgge0GBsZ70Bw5q6DPx6+QXVjCp:2Ps+rKvzFZ+kx59PgWGWnD/UL4xMQP
Static task
static1
Behavioral task
behavioral1
Sample
4e7339f4f37cb50e00c6860979b28d8a_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
4e7339f4f37cb50e00c6860979b28d8a_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
4e7339f4f37cb50e00c6860979b28d8a_JaffaCakes118
-
Size
271KB
-
MD5
4e7339f4f37cb50e00c6860979b28d8a
-
SHA1
bc13410272c11732bb46755359a375c0f72adb3e
-
SHA256
77659c50068e91462ede865d545e22cd1641e2f0af5fd7acf2026d22634ac024
-
SHA512
c47af4e358ee7af84f70115bea4c1dc7f2d85b03b2cb77a76988f2d76e853b483633f3b71c1ce0b45ef2484776b01838d8db63829893fbfbea17efbe1b490248
-
SSDEEP
3072:23/j+bW8akm1PFKoUS6ycFZ+E50G5NsrKJv5hPgge0GBsZ70Bw5q6DPx6+QXVjCp:2Ps+rKvzFZ+kx59PgWGWnD/UL4xMQP
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Drops startup file
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-