General

  • Target

    aea83d641e13c31d59d9376f987741a6_JaffaCakes118

  • Size

    5.5MB

  • Sample

    241129-d7kztssrct

  • MD5

    aea83d641e13c31d59d9376f987741a6

  • SHA1

    78aba40c96a894266fb1998fc0212c01de163499

  • SHA256

    ff1dc825022bf55fe0765b1366ccbdc310a399e97a3bace90dc942c041ca4f59

  • SHA512

    0932adf795ed82ceff2cf7ad85d7cd556219d9872372f6ea642d06c79754ab0f215bebbebf0dabe383ef2d3aa0aebb4f2b919618dda329ee046b2a12ab1ae4bb

  • SSDEEP

    12288:QpV4J+yQoTF4CoUzNSPH/zKG4CyG84qIBix3I:54CBUrQwj0K

Malware Config

Targets

    • Renames multiple (2198) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15

Tasks