General
Target: 60b0ac974a467a22c94b276638c3f234_JaffaCakes118
Size: 322KB
Sample: 241020-gnb5csselg
MD5: 60b0ac974a467a22c94b276638c3f234
SHA1: 120645c8069da60460d1014c40cacbcda94b5ed1
SHA256: 62d0d434aab2f9493f4c9fbe3b0d771f25cb0eaa2b4ef37d17c89b4fede2e72f
SHA512: ae01da5e4d0684452391d9e92126f822d4ddbc987115842b3fc6c937e061dc251bb5e6ea22027e254fbb945b4f697cd0638602bc779558483983d6d048c19279
SSDEEP: 6144:7iRTqi/NASvZZBTlxXK0Sh4HOaz/vbN1icNW/R3:GRv/eCZn3mSv+TR3
Static task: static1
Behavioral task: behavioral1
Sample: 60b0ac974a467a22c94b276638c3f234_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 60b0ac974a467a22c94b276638c3f234_JaffaCakes118.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target
60b0ac974a467a22c94b276638c3f234_JaffaCakes118
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Drops startup file
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-