General

  • Target

    97b7d4a4134cb830d4a9fa448efcaab6_JaffaCakes118

  • Size

    12KB

  • Sample

    241124-21f93avkbw

  • MD5

    97b7d4a4134cb830d4a9fa448efcaab6

  • SHA1

    a997e178f8884079396c873624294304a5a4b5ee

  • SHA256

    bef0e71324a5d67d2273244267041314001b8fb95ba1c8639d6a5a709e8eb080

  • SHA512

    dc665a8882609d40145623ed0bd65c1a819e143818338cd47d5eec1cbc7f6f62acdfbbd43993ba7b01fc0ab178c2a4f1c84b50120dbdadb61a1ae771c552a5ec

  • SSDEEP

    192:e/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRM18:eebFNw4Pk1itKkpAjjI2Ypdm1

Targets

    • Renames multiple (2203) files with added filename extension

      This suggests ransomware activity: the sample is encrypting the files on the system and appending an extension to each one.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile contents.

    • Adds Run key to start application

    • Drops file in System32 directory
