General

  • Target

    6135349bfbaacddca58ae566fc235491_JaffaCakes118

  • Size

    18KB

  • Sample

    241020-j2l8lazcpl

  • MD5

    6135349bfbaacddca58ae566fc235491

  • SHA1

    711d8a91866a1012b8d55381a45af5cc71eca140

  • SHA256

    a1ca366e1ec7f9d391254bb5d45cc0261a3b2a6a2352f11527c51208a1c137f5

  • SHA512

    6f4189a18df4296e43e987496513628633ef3b6e6d391ff7e31bd39b49c656c3708b03f81f60c0e6282381520c13a892242753e645366af1dc449879e7cc8601

  • SSDEEP

    384:eebFNw4Pk1itKkpAjjI2YpdmVa4Vg48JrX:e0FmBkpKjPYpjFX

Targets

    • Renames multiple (2189) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and other sensitive profile contents.

    • Adds Run key to start application

    • Drops file in System32 directory
