General

  • Target

    b55ff180867adb527c22181f26fbe733_JaffaCakes118

  • Size

    12KB

  • Sample

    241201-1zqaxayphn

  • MD5

    b55ff180867adb527c22181f26fbe733

  • SHA1

    9292d0f1066558a74b0be2937940fce6ae236002

  • SHA256

    b8eb08d019735fc8f3dd6266811fc0a9ff881a3219ae8efbcbeb633bc189975e

  • SHA512

    7a65955c4476a8a9a52c184501961b3a6540b25b1340e939a693fd58fc3c6f8d08be4547eb1c4bbb3124fc9ecf007c404bf685d57a8b4d731ff4451b2b9b22fe

  • SSDEEP

    192:e/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRMtq9pdul:eebFNw4Pk1itKkpAjjI2Ypdmtq9pd8

Malware Config

Targets

    • Renames multiple (2219) files with added filename extension

      This suggests ransomware activity: the sample appears to be encrypting files across the system.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks