Overview

overview

10

Static

static

10

9bad14c1ac...18.exe

windows7-x64

9

9bad14c1ac...18.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9bad14c1ac8ea571e567a5a6abd3fc0e_JaffaCakes118

  • Size

    79KB

  • Sample

    241125-qcjvhavjfp

  • MD5

    9bad14c1ac8ea571e567a5a6abd3fc0e

  • SHA1

    2f4eb57da75cfb844b5e10276fa4dc2fb10e85fb

  • SHA256

    1c17f4f6e4991c2847fee5ee7563d05c45fa0a9b2cb548ec20b9a1c6e77fa5d7

  • SHA512

    c5034e84e85e522a59f2163a6361004ea5e17c5670012b83b6020bae2f4a13ccdf5facbea99b734127fdcb24ea0dec223ee65928c69d4609666beee6b858d576

  • SSDEEP

    768:b0FmBkpKjPYpjpMTduyDr9Yd2BENaTB91GyG3+NsfWUajqzrJ35quyNQTUBy4grG:bOhxC5LpE8JmusWUcYF59yNQTU7grIX

Score
10/10
xoristdiscoverypersistenceransomwarespywarestealer

Malware Config

Targets

    • Target

      9bad14c1ac8ea571e567a5a6abd3fc0e_JaffaCakes118

    • Size

      79KB

    • MD5

      9bad14c1ac8ea571e567a5a6abd3fc0e

    • SHA1

      2f4eb57da75cfb844b5e10276fa4dc2fb10e85fb

    • SHA256

      1c17f4f6e4991c2847fee5ee7563d05c45fa0a9b2cb548ec20b9a1c6e77fa5d7

    • SHA512

      c5034e84e85e522a59f2163a6361004ea5e17c5670012b83b6020bae2f4a13ccdf5facbea99b734127fdcb24ea0dec223ee65928c69d4609666beee6b858d576

    • SSDEEP

      768:b0FmBkpKjPYpjpMTduyDr9Yd2BENaTB91GyG3+NsfWUajqzrJ35quyNQTUBy4grG:bOhxC5LpE8JmusWUcYF59yNQTU7grIX

    Score
    9/10
    discoverypersistenceransomwarespywarestealer

    • Renames multiple (1829) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Drops file in Drivers directory

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks