General

  • Target

    60a43781da5d83dff9f52d7efec1ea22_JaffaCakes118

  • Size

    12KB

  • Sample

    241020-ger48asbjf

  • MD5

    60a43781da5d83dff9f52d7efec1ea22

  • SHA1

    e0d6f116f75991d848335767d6ba14b01d7ceef1

  • SHA256

    566942bc7ff74cca2b066a30883d51f68b7e66502f011fe93ab17aa4fe032918

  • SHA512

    f81b2d8383826fe53cff8781329ac146e631ee692b3db961447cc357438be41de20c25fee0b5b6b97c3e1cb68e75523753fd996c21e0e7cbd2b353532b8ecb5c

  • SSDEEP

    192:Yj7RW0nlABG/3Nfv8tiTV3HGc7EkpAqjEnTPu2q9C/YpXnAITZfPtRM1o:EWwB/3N38titKkpAqonTo2Ypdm1o

Malware Config

Targets

    • Renames multiple (2211) files with added filename extension

      This suggests ransomware activity: files across the system are being encrypted and renamed with a new extension.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, session tokens and autofill data.

    • Adds Run key to start application

    • Drops file in System32 directory
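
The three behaviours above (mass renames that append an extension, a Run key being set, a file dropped into the Startup folder) can be checked mechanically against a file and registry event trace. The script below is an added example and is not part of this sandbox report or the sandbox's own signature engine; the pipe-delimited event format, the field names, the process IDs and paths, and the rename threshold of 3 are all constructed assumptions (a production rule would use a far higher count, closer to the 2211 renames seen here).

```python
"""Added example, not from the sandbox report: replay constructed file and
registry events and apply the behavioural checks the report's signatures
describe. Event format, field names and the threshold are assumptions."""
import re
from collections import Counter

# Constructed sample trace in an assumed "EventType|key=value|..." format.
SAMPLE_EVENTS = r"""
FileRename|pid=1337|src=C:\Users\victim\Documents\report.docx|dst=C:\Users\victim\Documents\report.docx.locked
FileRename|pid=1337|src=C:\Users\victim\Pictures\cat.jpg|dst=C:\Users\victim\Pictures\cat.jpg.locked
FileRename|pid=1337|src=C:\Users\victim\Desktop\notes.txt|dst=C:\Users\victim\Desktop\notes.txt.locked
FileRename|pid=4242|src=C:\Temp\build.log|dst=C:\Temp\build.log.1
RegistrySet|pid=1337|key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater|value=C:\Users\victim\AppData\Roaming\updater.exe
FileCreate|pid=1337|path=C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.lnk
"""

# Matches HKCU/HKLM ...\CurrentVersion\Run and RunOnce subkeys (case-insensitive).
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
STARTUP_DIR = "\\start menu\\programs\\startup\\"


def parse_events(text):
    """Parse the assumed pipe-delimited format into a list of dicts."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        kind, *fields = line.split("|")
        ev = {"type": kind}
        for field in fields:
            key, _, value = field.partition("=")
            ev[key] = value
        events.append(ev)
    return events


def appended_extension(src, dst):
    """Return the extension when dst is exactly src plus '.<ext>', else None.
    Renames that change the base name or replace the extension are ignored,
    which keeps ordinary 'save as' activity out of the ransomware signal."""
    s, d = src.lower(), dst.lower()
    if d.startswith(s) and len(d) > len(s) + 1 and d[len(s)] == ".":
        ext = d[len(s) + 1:]
        if ext and "." not in ext and "\\" not in ext:
            return ext
    return None


def find_mass_renames(events, threshold=3):
    """Count appended-extension renames per (pid, extension); flag those at
    or above the threshold. Threshold of 3 is an assumption for the sample."""
    counts = Counter()
    for ev in events:
        if ev["type"] != "FileRename":
            continue
        ext = appended_extension(ev["src"], ev["dst"])
        if ext:
            counts[(ev["pid"], ext)] += 1
    return {key: n for key, n in counts.items() if n >= threshold}


def find_run_key_persistence(events):
    """Registry writes under a Run/RunOnce key ('Adds Run key to start application')."""
    return [(ev["pid"], ev["key"], ev["value"])
            for ev in events
            if ev["type"] == "RegistrySet" and RUN_KEY_RE.search(ev["key"])]


def find_startup_drops(events):
    """Files created in a Startup folder ('Drops startup file')."""
    return [ev["path"] for ev in events
            if ev["type"] == "FileCreate" and STARTUP_DIR in ev["path"].lower()]


def triage(text, threshold=3):
    """Run all three checks over a trace and return the findings together."""
    events = parse_events(text)
    return {
        "mass_renames": find_mass_renames(events, threshold),
        "run_keys": find_run_key_persistence(events),
        "startup_drops": find_startup_drops(events),
    }


if __name__ == "__main__":
    for name, hits in triage(SAMPLE_EVENTS).items():
        print(f"{name}: {hits}")
```

On the constructed trace, pid 1337 is flagged for three `.locked` renames, one Run key write and one Startup drop; pid 4242's single `build.log.1` rename stays below the threshold, which is the point of keying the count on (process, extension) rather than on renames alone.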

MITRE ATT&CK Enterprise v15

Tasks