General

  • Target

    84e838af1e1b7d9cb96ccdf6236f475b_JaffaCakes118

  • Size

    12KB

  • Sample

    241102-jrhgnayqb1

  • MD5

    84e838af1e1b7d9cb96ccdf6236f475b

  • SHA1

    04824c153c289176e83dc6e64f91dac8d6e9a21b

  • SHA256

    be84021925092626bd493b3aa37bd9caef50a23d6ace807b513324dbffd3a4a5

  • SHA512

    ed0e88044a58cce3fb35637723220fe111d084fbeeecdb4c49756e7359e97437ebfac57aead52e61b9a394c8df3267e2995f6696a9c5fbd1e8a6ed734f5c52a9

  • SSDEEP

    192:y/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRMkw4Cje:yebFNw4Pk1itKkpAjjI2Ypdmkwxje

Malware Config

Targets

    • Renames multiple (2158) files with added filename extension

      This suggests ransomware activity: encrypting all of the files on the system.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks