General

  • Target

    6eeaa0404f1f4f3ba2f2d6b80daa4471_JaffaCakes118

  • Size

    12KB

  • Sample

    241023-pm3jxszdpg

  • MD5

    6eeaa0404f1f4f3ba2f2d6b80daa4471

  • SHA1

    f7cea6726016cba51087377f75d74c6266514a2c

  • SHA256

    ca3de1ceb19213fb7a0f369e779f3eb972c89b352ee87a436e79d6567b24f98c

  • SHA512

    2b9b30dbfeb4b8debdfa4c11a18135151c4308563d7e82a1890c551cac3f4a3e2a0599907a6239deb1fc62c56199002fb8b293a42d3c42b303b033b786ee5c12

  • SSDEEP

    192:Z/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjaGpsHcxUw4h+lfPtRMDS55e:ZebFNw4Pk1itKkpAjjJs6B40WDCe

Malware Config

Targets

    • Renames multiple (2216) files with added filename extension

      This suggests ransomware activity, i.e. encrypting all the files on the system.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks