General
Target: 6fae4aed182cb0df0ed705acadee2fde_JaffaCakes118
Size: 121KB
Sample: 241023-s3gtyaxfpd
MD5: 6fae4aed182cb0df0ed705acadee2fde
SHA1: 4c212e5fc88686aa55a1e81f502950bdf89debfa
SHA256: a3003d38cb630a05180f512e9195af0148770caee1f45d340f99e79f45b9302c
SHA512: e39f3c279c05fbdc57828807e8de36307a685919b35f716011feb926d431f22233b34c0d8b8dcf551db07bc51bffb068bef76f1034c3e50155e6c16f987d44d7
SSDEEP: 1536:nKAzN+LNdXRZ/65HY7zbbkGSQSuGFeUPNFR/1lykJ/qSwGlrNfHuoTNoM3dfv:3+1z/614bP2uEn1lyk12GlrNGjM3dfv
Static task
static1

Behavioral task
behavioral1
Sample: 6fae4aed182cb0df0ed705acadee2fde_JaffaCakes118.exe
Resource: win7-20240903-en

Behavioral task
behavioral2
Sample: 6fae4aed182cb0df0ed705acadee2fde_JaffaCakes118.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 6fae4aed182cb0df0ed705acadee2fde_JaffaCakes118
- Deletes shadow copies. Ransomware often targets backup files to inhibit system recovery; removing Volume Shadow Copies takes away the local restore points a victim would otherwise roll back to.
- Drops startup file. A file placed in a Startup folder is launched at the next logon (persistence).
- Adds Run key to start application. A value under a CurrentVersion\Run key relaunches the application at logon (persistence).
- Looks up external IP address via web service. Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext. This API is commonly used by process hollowing and other injection loaders to redirect a suspended thread to injected code; on its own the signature is a hint, not proof, since debuggers and some packers also call it.
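The five lines above are the sandbox's signature names. The following is an added example, not the sandbox's own signature engine and not output captured from this sample, of how an analyst's triage script can match each of those behaviours against Sysmon-style events. Every event, host name, path and file name in the block is constructed for illustration.

```python
"""Match Sysmon-style events against the behaviours listed in the report.

Added example: not the sandbox's signature engine and not data from the
sample above. All events below are constructed (hypothetical paths, hosts,
and SIDs) so the script runs offline.
"""
import re
from collections import defaultdict

# Constructed events as (event_type, fields); mirrors Sysmon field names.
SAMPLE_EVENTS = [
    ("ProcessCreate", {"Image": r"C:\Windows\System32\vssadmin.exe",
                       "CommandLine": "vssadmin.exe delete shadows /all /quiet",
                       "ParentImage": r"C:\Users\user\Desktop\sample.exe"}),
    ("ProcessCreate", {"Image": r"C:\Windows\System32\wbem\WMIC.exe",
                       "CommandLine": "wmic shadowcopy delete",
                       "ParentImage": r"C:\Users\user\Desktop\sample.exe"}),
    ("RegistryValueSet", {"TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft"
                                          r"\Windows\CurrentVersion\Run\updater",
                          "Details": r"C:\Users\user\AppData\Roaming\updater.exe"}),
    ("FileCreate", {"TargetFilename": r"C:\Users\user\AppData\Roaming\Microsoft"
                                      r"\Windows\Start Menu\Programs\Startup\updater.lnk"}),
    ("DnsQuery", {"QueryName": "api.ipify.org"}),
    ("ApiCall", {"Api": "SetThreadContext",
                 "TargetProcess": r"C:\Windows\System32\svchost.exe"}),
    # Benign noise that must not fire anything.
    ("ProcessCreate", {"Image": r"C:\Windows\System32\notepad.exe",
                       "CommandLine": "notepad.exe", "ParentImage": "explorer.exe"}),
]

# Shadow-copy and recovery inhibition commands seen across ransomware families.
SHADOW_COPY_CMD = re.compile(
    r"(vssadmin(\.exe)?\s+delete\s+shadows"
    r"|wmic(\.exe)?\s+shadowcopy\s+delete"
    r"|wbadmin(\.exe)?\s+delete\s+catalog"
    r"|bcdedit(\.exe)?\s+.*recoveryenabled\s+no)",
    re.IGNORECASE,
)
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\",
                     re.IGNORECASE)
STARTUP_DIR = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)
# Legitimate "what is my IP" services commonly contacted by malware (assumed list).
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com", "checkip.dyndns.org",
                   "ifconfig.me", "ip-api.com", "whatismyipaddress.com"}


def classify_event(event_type, fields):
    """Return the signature names a single event matches (possibly none)."""
    hits = []
    if event_type == "ProcessCreate" and SHADOW_COPY_CMD.search(fields.get("CommandLine", "")):
        hits.append("Deletes shadow copies")
    if event_type == "RegistryValueSet" and RUN_KEY.search(fields.get("TargetObject", "")):
        hits.append("Adds Run key to start application")
    if event_type == "FileCreate" and STARTUP_DIR.search(fields.get("TargetFilename", "")):
        hits.append("Drops startup file")
    if event_type == "DnsQuery" and fields.get("QueryName", "").lower() in IP_LOOKUP_HOSTS:
        hits.append("Looks up external IP address via web service")
    if event_type == "ApiCall" and fields.get("Api") == "SetThreadContext":
        hits.append("Suspicious use of SetThreadContext")
    return hits


def triage(events):
    """Map each matched signature to the evidence strings that fired it."""
    report = defaultdict(list)
    for event_type, fields in events:
        for sig in classify_event(event_type, fields):
            evidence = (fields.get("CommandLine") or fields.get("TargetObject")
                        or fields.get("TargetFilename") or fields.get("QueryName")
                        or fields.get("Api"))
            report[sig].append(evidence)
    return dict(report)


def verdict(report):
    """Crude scoring: shadow-copy deletion alone is a strong ransomware signal;
    persistence combined with thread-context tampering is still suspicious."""
    if "Deletes shadow copies" in report:
        return "likely ransomware"
    persistence = {"Adds Run key to start application", "Drops startup file"} & set(report)
    if persistence and "Suspicious use of SetThreadContext" in report:
        return "suspicious"
    return "no match" if not report else "low"


if __name__ == "__main__":
    result = triage(SAMPLE_EVENTS)
    for sig, evidence in result.items():
        print(f"{sig}: {evidence}")
    print("verdict:", verdict(result))
```

The SetThreadContext rule fires on the API name alone, which is deliberately noisy, as the sandbox signature is; in a real pipeline correlate it with a CreateProcess carrying CREATE_SUSPENDED and a WriteProcessMemory to the same target process before treating it as injection.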