General

  • Target

    60b0ac974a467a22c94b276638c3f234_JaffaCakes118

  • Size

    322KB

  • Sample

    241020-gnb5csselg

  • MD5

    60b0ac974a467a22c94b276638c3f234

  • SHA1

    120645c8069da60460d1014c40cacbcda94b5ed1

  • SHA256

    62d0d434aab2f9493f4c9fbe3b0d771f25cb0eaa2b4ef37d17c89b4fede2e72f

  • SHA512

    ae01da5e4d0684452391d9e92126f822d4ddbc987115842b3fc6c937e061dc251bb5e6ea22027e254fbb945b4f697cd0638602bc779558483983d6d048c19279

  • SSDEEP

    6144:7iRTqi/NASvZZBTlxXK0Sh4HOaz/vbN1icNW/R3:GRv/eCZn3mSv+TR3

Targets

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Drops startup file

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
