Extracted

• • Target

    5d81e04abea581cd314aceabafaaff18_JaffaCakes118

  • Size

    406KB

  • MD5

    5d81e04abea581cd314aceabafaaff18

  • SHA1

    e71254283e5fe4701eea95c0bab62cc794f38cdc

  • SHA256

    d37f1e805b3f9873ce76f18ea930c6fa0a7b8a9d6bc319404471e70e396f791a

  • SHA512

    6c50e72f37ccbb5f7ce7130b2607fa668bff238ced5f3d646c4f6c6dfdcd873706e96d5e3bf8a16cc32b52322ec71c06056df44dc65b33ec60602faa048343a0

  • SSDEEP

    6144:K9iqsrJ0LOMc6iAOhgrwOaSq1YXyDTQHZgpNMUpmC+OkykD+Wyasv:Kgqslsc5fUcGnHSpN7ICCyi1I

  Score

  10^/10

  teslacryptdefense_evasiondiscoveryexecutionimpactpersistenceransomwarespywarestealer

  • TeslaCrypt, AlphaCrypt

    Ransomware based on CryptoLocker. Shut down by the developers in 2016.

    ransomwareteslacrypt

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Renames multiple (429) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Deletes itself

  • Drops startup file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Indicator Removal: File Deletion

    Adversaries may delete files left behind by the actions of their intrusion activity.

    defense_evasion
  behavioral1behavioral2