a3003d38cb630a05180f512e9195af0148770caee1f45d340f99e79f45b9302c | Triage

Sharing

General

Target

6fae4aed182cb0df0ed705acadee2fde_JaffaCakes118
Size

121KB
Sample

241023-s3gtyaxfpd
MD5

6fae4aed182cb0df0ed705acadee2fde
SHA1

4c212e5fc88686aa55a1e81f502950bdf89debfa
SHA256

a3003d38cb630a05180f512e9195af0148770caee1f45d340f99e79f45b9302c
SHA512

e39f3c279c05fbdc57828807e8de36307a685919b35f716011feb926d431f22233b34c0d8b8dcf551db07bc51bffb068bef76f1034c3e50155e6c16f987d44d7
SSDEEP

1536:nKAzN+LNdXRZ/65HY7zbbkGSQSuGFeUPNFR/1lykJ/qSwGlrNfHuoTNoM3dfv:3+1z/614bP2uEn1lyk12GlrNGjM3dfv

Score

9^/10

defense_evasion discovery execution impact persistence ransomware

Malware Config

Targets

- Target
  
  6fae4aed182cb0df0ed705acadee2fde_JaffaCakes118
- Size
  
  121KB
- MD5
  
  6fae4aed182cb0df0ed705acadee2fde
- SHA1
  
  4c212e5fc88686aa55a1e81f502950bdf89debfa
- SHA256
  
  a3003d38cb630a05180f512e9195af0148770caee1f45d340f99e79f45b9302c
- SHA512
  
  e39f3c279c05fbdc57828807e8de36307a685919b35f716011feb926d431f22233b34c0d8b8dcf551db07bc51bffb068bef76f1034c3e50155e6c16f987d44d7
- SSDEEP
  
  1536:nKAzN+LNdXRZ/65HY7zbbkGSQSuGFeUPNFR/1lykJ/qSwGlrNfHuoTNoM3dfv:3+1z/614bP2uEn1lyk12GlrNGjM3dfv
Score

9^/10

defense_evasion discovery execution impact persistence ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Drops startup file
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Direct Volume Access

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

defense_evasiondiscoveryexecutionimpactpersistenceransomware

behavioral2

discoverypersistence