Overview

overview

10

Static

static

10

a049d5d690...18.exe

windows7-x64

9

a049d5d690...18.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a049d5d690915345f7c30672a058dc8a_JaffaCakes118

  • Size

    96KB

  • Sample

    241126-g2zgtaymdv

  • MD5

    a049d5d690915345f7c30672a058dc8a

  • SHA1

    df39a4a9d358fea2796dc5ba790c3a364fcedf60

  • SHA256

    e593a473ce7a0d4d255f21082f2526dc4aeca3203e908cb5ab7d929e205bc88d

  • SHA512

    7322742234cd60826ba7c5096a56d472ea949ab09ce649aa11aabeac08a20bd01c0e63c05afa1ee51167e86d6cb42384732a353d9cb4506cf160232680745890

  • SSDEEP

    1536:jOh8gXbX075M2V2f+ffGQzRbtFO2616is:Y/Lk75M2V2fS+Qtbt4

Score
10/10
xoristdiscoverypersistenceransomwarespywarestealer

Malware Config

Targets

    • Target

      a049d5d690915345f7c30672a058dc8a_JaffaCakes118

    • Size

      96KB

    • MD5

      a049d5d690915345f7c30672a058dc8a

    • SHA1

      df39a4a9d358fea2796dc5ba790c3a364fcedf60

    • SHA256

      e593a473ce7a0d4d255f21082f2526dc4aeca3203e908cb5ab7d929e205bc88d

    • SHA512

      7322742234cd60826ba7c5096a56d472ea949ab09ce649aa11aabeac08a20bd01c0e63c05afa1ee51167e86d6cb42384732a353d9cb4506cf160232680745890

    • SSDEEP

      1536:jOh8gXbX075M2V2f+ffGQzRbtFO2616is:Y/Lk75M2V2fS+Qtbt4

    Score
    9/10
    discoverypersistenceransomwarespywarestealer

    • Renames multiple (643) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Drops file in Drivers directory

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks