General
-
Target
8327db221adfbce5ad764b38406eb18d_JaffaCakes118
-
Size
65KB
-
Sample
241031-qn18xszrdl
-
MD5
8327db221adfbce5ad764b38406eb18d
-
SHA1
43feb642e53be99b8f957a49228ac49b4587e8f3
-
SHA256
f87c5dcdedd6fd11d77c53d10e4c9d01465507ff50e1e18d325636ff6f114b78
-
SHA512
e1ea2c6957032d32e1ed4ba206a3de01a128b5df720f48e9d80bb2bbb2b247a82186a124aa6e41fede659d79a4a418dbe79b265922970c1ee0fa1458f71c6576
-
SSDEEP
768:40FmBkpKjJH40pCJ8/n6U0SWvqLRjD/HIzZA74joVKQPF51a0RktftI0NQtomqTc:4OD0B/68WveXHIlMkGFvSKsQSf5FXi
Behavioral task
behavioral1
Sample
8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
8327db221adfbce5ad764b38406eb18d_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
Target
8327db221adfbce5ad764b38406eb18d_JaffaCakes118
Score
9/10
-
Renames multiple (2214) files with added filename extension
This suggests ransomware activity, namely encrypting all the files on the system.
-
Drops file in Drivers directory
-
Drops startup file
-
Adds Run key to start application
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-