General

  • Target

    7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118

  • Size

    12KB

  • Sample

    241030-mj8wes1hjj

  • MD5

    7ed2a8f26751a06acff7ab672d8ddbf7

  • SHA1

    6eccc8b87bbc5575c3d06c1b459aa852ea073085

  • SHA256

    d0d08712c9a16bafbcf63c8ead779c466a9f7b5f4ffc5a496f79cf030e6b486b

  • SHA512

    b3dc7cf000378695cbb0a6b431104d8ae8329c0d4a58e872ed4b1c0939d45a7944be84645303726327b790005e7e3ff469234a8193586895c74a8187e6ff5036

  • SSDEEP

    192:Vu1/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRMEmIKZTf:Vu1ebFNw4Pk1itKkpAjjI2YpdmEmIKZ

Targets

    • Target

      7ed2a8f26751a06acff7ab672d8ddbf7_JaffaCakes118

    • Renames multiple (2198) files with added filename extension

      Renaming thousands of files by appending a new extension, rather than replacing the existing one, is the file-system footprint of ransomware encrypting the contents of the system and marking each encrypted file.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers commonly read browser profile data, which can include saved credentials and session cookies.

    • Adds Run key to start application

    • Drops file in System32 directory
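The two signatures above that most shape the verdict, mass renames with an appended extension and a Run-key entry, can be reproduced as heuristics over a sandbox's event stream. The Python below is an added example and not the sandbox's own detection code; the tuple-based event format, the constructed events and the 50-file threshold are assumptions made for illustration (this report's sample crossed the bar with 2198 renames).

```python
"""Heuristics over sandbox events mirroring two report signatures:
'Renames multiple files with added filename extension' and
'Adds Run key to start application'.

Example code added for illustration, not the sandbox's own logic.
Assumed event format: ("rename", old_path, new_path) or
("regset", key_path, value_name, value_data)."""
import ntpath
from collections import Counter

# Constructed sample events (not captured from the real sample).
SAMPLE_EVENTS = [
    ("rename", r"C:\Users\Admin\Documents\report.docx",
               r"C:\Users\Admin\Documents\report.docx.locked"),
    ("rename", r"C:\Users\Admin\Pictures\IMG_001.jpg",
               r"C:\Users\Admin\Pictures\IMG_001.jpg.locked"),
    ("rename", r"C:\Users\Admin\Desktop\notes.txt",
               r"C:\Users\Admin\Desktop\notes.txt.locked"),
    # Extension swapped, not added: benign installer behaviour.
    ("rename", r"C:\Users\Admin\Downloads\setup.tmp",
               r"C:\Users\Admin\Downloads\setup.exe"),
    # Moved between directories with the name unchanged: not a rename.
    ("rename", r"C:\Users\Admin\Music\song.mp3",
               r"C:\Users\Admin\Videos\song.mp3"),
    ("regset", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
               "updater", r"C:\Users\Admin\AppData\Roaming\svchost.exe"),
    ("regset", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer",
               "ShellState", "..."),
]

# Assumed threshold: a sandbox would tune this against benign traffic.
MASS_RENAME_THRESHOLD = 50

# Registry paths whose values are executed at logon (Run and RunOnce).
RUN_KEY_SUFFIXES = (r"\currentversion\run", r"\currentversion\runonce")


def added_extension(old_path, new_path):
    """Return the extension appended to old_path to form new_path, else None.

    Counts only a rename within the same directory whose new name is the old
    name plus a further '.ext' suffix. Extension swaps and moves return None,
    which keeps installers and file managers out of the count."""
    old_dir, old_name = ntpath.split(old_path)
    new_dir, new_name = ntpath.split(new_path)
    if old_dir.lower() != new_dir.lower():
        return None
    if not new_name.lower().startswith(old_name.lower() + "."):
        return None
    suffix = new_name[len(old_name):]          # e.g. ".locked"
    if len(suffix) < 2:
        return None
    return suffix.lower()


def mass_rename_extensions(events, threshold=MASS_RENAME_THRESHOLD):
    """Map each appended extension to its rename count, keeping only those
    at or above the threshold. A non-empty result is the ransomware signal."""
    counts = Counter()
    for ev in events:
        if ev[0] != "rename":
            continue
        ext = added_extension(ev[1], ev[2])
        if ext:
            counts[ext] += 1
    return {ext: n for ext, n in counts.items() if n >= threshold}


def run_key_entries(events):
    """Return (key, name, data) for every value written under a Run/RunOnce
    key, i.e. the 'Adds Run key to start application' signature."""
    hits = []
    for ev in events:
        if ev[0] != "regset":
            continue
        key, name, data = ev[1], ev[2], ev[3]
        if key.lower().endswith(RUN_KEY_SUFFIXES):
            hits.append((key, name, data))
    return hits


if __name__ == "__main__":
    # Lower the threshold so the small constructed event set triggers.
    print("mass renames:", mass_rename_extensions(SAMPLE_EVENTS, threshold=3))
    print("run keys:", run_key_entries(SAMPLE_EVENTS))
```

Matching on an appended suffix rather than on any rename is what separates this signature from ordinary application activity: an installer renaming setup.tmp to setup.exe or a user moving a file between folders contributes nothing to the count, while an encryptor that stamps every victim file with the same new suffix produces a single extension with a very high count, exactly the shape reported above.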
