General
-
Target
56f16414e71c5263c57a4ce7733c70b5_JaffaCakes118
-
Size
217KB
-
Sample
241018-mkad9asbkd
-
MD5
56f16414e71c5263c57a4ce7733c70b5
-
SHA1
d74ea238db6e0870422f6dcc4fef83964a380d1a
-
SHA256
821945dd5882aad4181fcb2670a26cc322224f9f677e5df26f7e708ced0ab6a3
-
SHA512
a492452c26f6c6d36853edcd13db03645442ea82c761940a1c0f96bc0fab7269fbb99c2e83350ecc06143cb142ddcadc6fce2ea32312440fc985b163b60d46ca
-
SSDEEP
6144:dC61i972KJmciP8yGw44DQFu/U3buRKlemZ9DnGAe6MTgGkT/+:dK972P/kyGv4DQFu/U3buRKlemZ9DnGm
Behavioral task
behavioral1
Sample
56f16414e71c5263c57a4ce7733c70b5_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
56f16414e71c5263c57a4ce7733c70b5_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
56f16414e71c5263c57a4ce7733c70b5_JaffaCakes118
-
Size
217KB
-
MD5
56f16414e71c5263c57a4ce7733c70b5
-
SHA1
d74ea238db6e0870422f6dcc4fef83964a380d1a
-
SHA256
821945dd5882aad4181fcb2670a26cc322224f9f677e5df26f7e708ced0ab6a3
-
SHA512
a492452c26f6c6d36853edcd13db03645442ea82c761940a1c0f96bc0fab7269fbb99c2e83350ecc06143cb142ddcadc6fce2ea32312440fc985b163b60d46ca
-
SSDEEP
6144:dC61i972KJmciP8yGw44DQFu/U3buRKlemZ9DnGAe6MTgGkT/+:dK972P/kyGv4DQFu/U3buRKlemZ9DnGm
-
Detects Zeppelin payload
-
Zeppelin Ransomware
Ransomware-as-a-service (RaaS) written in Delphi and first seen in 2019.
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Renames multiple (7361) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Deletes itself
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Direct Volume Access
1Indicator Removal
2File Deletion
2Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1