General
- Target: b7938b29a73c948e483937740e10f679_JaffaCakes118
- Size: 901KB
- Sample: 241202-jn4wgs1qbq
- MD5: b7938b29a73c948e483937740e10f679
- SHA1: 2d755deff735ba94063d486f2786c2481610e2f7
- SHA256: 39a9f8c96ce9f7ecf2f2424ce0aea2db15df3f6b75bb543218dab48a8d1fceba
- SHA512: bf5d9c0dc1d5d1579f103bb7cb2460a1498c78f61ac09b330aaa94da83ace54947b47f7db7455f25cef53b238f7626fab16b96e32162a576be8c59bd77bbb64c
- SSDEEP: 24576:uixqciwUBrVIPO3ZTEJ6ohPPgIGXUmLY9RUkjEvRFTs:XqcDPO3dohwumLQRE3I
Static task
- static1

Behavioral tasks (task: sample, resource)
- behavioral1: b7938b29a73c948e483937740e10f679_JaffaCakes118.exe, win7-20240903-en
- behavioral2: b7938b29a73c948e483937740e10f679_JaffaCakes118.exe, win10v2004-20241007-en
- behavioral3: $PLUGINSDIR/System.dll, win7-20240903-en
- behavioral4: $PLUGINSDIR/System.dll, win10v2004-20241007-en
- behavioral5: 152605369.html, win7-20240903-en
- behavioral6: 152605369.html, win10v2004-20241007-en
- behavioral7: 1916524053.html, win7-20240903-en
- behavioral8: 1916524053.html, win10v2004-20241007-en
- behavioral9: 3072838935.html, win7-20240903-en
- behavioral10: 3072838935.html, win10v2004-20241007-en
- behavioral11: 32093631739.html, win7-20241010-en
- behavioral12: 32093631739.html, win10v2004-20241007-en
- behavioral13: 910218026.html, win7-20240708-en
- behavioral14: 910218026.html, win10v2004-20241007-en
- behavioral15: SuggestBox.js, win7-20241023-en
- behavioral16: SuggestBox.js, win10v2004-20241007-en
- behavioral17: Uninstaller.exe, win7-20240903-en
- behavioral18: Uninstaller.exe, win10v2004-20241007-en
- behavioral19: ads-the-internet-the-icon-revealed.html, win7-20240903-en
- behavioral20: ads-the-internet-the-icon-revealed.html, win10v2004-20241007-en
- behavioral21: locales308946821.html, win7-20240903-en
- behavioral22: locales308946821.html, win10v2004-20241007-en
Malware Config
Targets

Target: b7938b29a73c948e483937740e10f679_JaffaCakes118
- Size: 901KB
- MD5: b7938b29a73c948e483937740e10f679
- SHA1: 2d755deff735ba94063d486f2786c2481610e2f7
- SHA256: 39a9f8c96ce9f7ecf2f2424ce0aea2db15df3f6b75bb543218dab48a8d1fceba
- SHA512: bf5d9c0dc1d5d1579f103bb7cb2460a1498c78f61ac09b330aaa94da83ace54947b47f7db7455f25cef53b238f7626fab16b96e32162a576be8c59bd77bbb64c
- SSDEEP: 24576:uixqciwUBrVIPO3ZTEJ6ohPPgIGXUmLY9RUkjEvRFTs:XqcDPO3dohwumLQRE3I
- Signatures:
  - Troldesh family
  - Deletes shadow copies. Ransomware often targets backup files to inhibit system recovery.
  - Loads dropped DLL
  - Adds Run key to start application
  - Enumerates connected drives. Attempts to read the root path of hard drives other than the default C: drive.
  - Suspicious use of SetThreadContext

Target: $PLUGINSDIR/System.dll
- Size: 11KB
- MD5: 3e6bf00b3ac976122f982ae2aadb1c51
- SHA1: caab188f7fdc84d3fdcb2922edeeb5ed576bd31d
- SHA256: 4ff9b2678d698677c5d9732678f9cf53f17290e09d053691aac4cc6e6f595cbe
- SHA512: 1286f05e6a7e6b691f6e479638e7179897598e171b52eb3a3dc0e830415251069d29416b6d1ffc6d7dce8da5625e1479be06db9b7179e7776659c5c1ad6aa706
- SSDEEP: 192:eP24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35OlbSl:T8QIl975eXqlWBrz7YLOlb
- Score: 3/10

Target: 152605369
- Size: 16KB
- MD5: db98bbd569a043527d8fc0b941704b15
- SHA1: a076084247c4dd85be4578890167f270951366a8
- SHA256: 8cd22952b2d7f081e37b135b88443204cebe6a0f5671a0a034a94a5cfe9e9200
- SHA512: 049c1856b9863c35d8e662c89df69ca8c67b91e8c74b71d0bb388d8d9293d61ae6df3671ebe69065b498bf2b1ef21b66ba868652cdb3209624a13fc938d15347
- SSDEEP: 384:g/VA/V+qTyqSnq+0YVS/026zoxSJfA2rMMkauWv1ie17l+Wp6EW/6j6d6bqokBqP:g/6//kxtfoVi+0uA
- Score: 3/10

Target: 1916524053
- Size: 14KB
- MD5: d0ee63c5f0cf81b2d20014ce7d646d71
- SHA1: 511145ad1fe8d88f3c7331e1704c3373245e4913
- SHA256: 53da10f8f1396b1a9ace12588fd0758e47bcacf6e09fac111759b76a519d7ac8
- SHA512: f246c48c084455e9da5773d3b0c5df145843dd6f1cea48ab56c42087565f6bf8418ec38b2710278a6ccee0691ca43a2456de7a3428512bdbfadbedefc76b1c58
- SSDEEP: 384:3ZKgo27p97LLajFZTQJEqUc7GArYUNN6dGluGep1sUlJDwC:kp27DuX
- Score: 3/10

Target: 3072838935
- Size: 16KB
- MD5: 166625d3a963d2c518dc1aad618d2144
- SHA1: 2cbacc49cf8d3c8989c0f998a82a667fb8763929
- SHA256: 45631acf483352f9498790b044b8a7af9e01e5add669746d7ad116601ff5ec50
- SHA512: a5aaedc779da1044fbd484af64f1720180301acd6ab75086acf60178122b1b2461b9ed50efcb2994e0cb658fa1b7ec529a8758b7e0b5ad14ec510f8a6d5dfd38
- SSDEEP: 384:N5P+5Ps4/zZBdDWjbzeQYSCMqPM9wUHRvThavsjOcJP9x3qJdU9Kw1vKUd2jMDW:NUC4/z12QKd6
- Score: 3/10

Target: 32093631739.html
- Size: 4KB
- MD5: f014315d82e1df2b7fb789341442e7fd
- SHA1: fedfe44220e6a74c766117c0d3528e3764f550ab
- SHA256: 8b43ba1b91a5d0654f19221b61e51f664f64d11b881fa5e2bf57835d2e8f0917
- SHA512: 1a64d85009e66532bac7549d078fb930837011355e6673527a72d0ecf574d3963074b779b33f56f84e2f1803c674da02dc6880e9d0c2ef882b782b05f6dd3956
- SSDEEP: 48:Im3vpcSTSn1M6geADNAI5pz4X1xS0lzWJlS3SeBKcc4sAeGIqGOL5BZCSjND4YBx:xtG1M6MRnMOcCX5Aee8teB4u
- Score: 3/10

Target: 910218026
- Size: 14KB
- MD5: e1754cf777eeedcc40ccbc8b35a71a97
- SHA1: 03bf43e5f643856c3ce6f8508f28cb7bad87deff
- SHA256: 250ceae9d074a576a7be1607ebb08ab71a4a135676ff72432171c9ef11a8b5a2
- SHA512: 30c8589b2efa04a89f4e57897be997d374dd9470b85633c4f9cdbe5b80055d6db08b2ec7318f1881c6b039c8620ec96314e24ae2251913a5907186be8811041e
- SSDEEP: 384:0WUkF9oPJMk2rvaAuzS16ofM+1PyHLDUqPz58e+InvkubE2:lmydcgOR
- Score: 3/10

Target: SuggestBox.js
- Size: 10KB
- MD5: fc48f86b09dadf6df9a5d6afb1ab321c
- SHA1: 7559bebf0b42eec742b2fff93a261385975603fe
- SHA256: 11ccbad36bff8d529e7c21a42106594e2a147483223416d9d3b12965b20ff66d
- SHA512: a9e9371146dc1bba7c094cdf76e5cceb6e605ae878ec54767f50722ff6b563270e6112a6ea6c9c1027268996496da7b0adb345505b42186aac68cecb4321ddd1
- SSDEEP: 192:D2W6P+lDIvdnL/U97NWPTOo9XHxwKMrKnBe+ZlMZsYvdUL3:DP6P+lDIvdnL/UlNWPTJ9XHWKMrKnBeY
- Score: 3/10

Target: Uninstaller.exe
- Size: 43KB
- MD5: 4a269bf092c7ac2df634e87f5b3351af
- SHA1: 554216db1084068ae2c93a19ca15359031ee169f
- SHA256: 4005800e476d055bc524bf46624a854f24de0e7912bfe7f5b9bbec841b1516da
- SHA512: 7efcb35cfaeaddda7245fc43baf3752fc9d44e73bdd9d4a5356efda72de219b72f07ca2fd75312198a8310b5e773ba2a1f916e967d878a34ca3ab12f8ed96d6d
- SSDEEP: 768:CqjtOoh/pZbvc+HX+fFXSJA/mIj6qkzry8F9zGPVzI6ihZUAFM:zjoUxZbE+HOI66qkryz9zI6i8
- Score: 7/10
- Signatures:
  - Deletes itself
  - Executes dropped EXE
  - Loads dropped DLL

Target: ads-the-internet-the-icon-revealed
- Size: 17KB
- MD5: 8dd6c022de9cf06c34d411dc1a92bed4
- SHA1: 587afdb9f5ac2d57665eec91c0d3a419e9143d3b
- SHA256: d9c080fbd0c14369ada394d388d75c81f0670faa01744883755b7131e946571d
- SHA512: cf7cd97d428e2e962a1b6757a5694bb483d0006155e576d53744aa33498f50a6ce3b6acf1b36b859ff81a8eb21fb61ce7d667967158e71a6df6c08bfad06ef0b
- SSDEEP: 384:bgF3E+uUvXyWi7sI2jf9s64U/fQe9LQX0aALWLex3+YKSHXzOcnY0foNwG3SRLw3:UOe3Jop/Qgk6
- Score: 3/10

Target: locales308946821.html
- Size: 9KB
- MD5: e1c9d5227511bfabc3ae00fc6e9be3f1
- SHA1: e06944733b698b5d7694ca26b6e22f72a5f5ca45
- SHA256: 7359cb76dc905b11e82b520638f0710875720b853ab05536a8d3e4a65f4d6efd
- SHA512: eb5439f063e9eb6ae2b1fd7f9b693368190d30ef69515dd63524cfedc372183ba15bc7bc913512c1f616a735dc1ac917950681fff1bb180c577f66a58cadf0f8
- SSDEEP: 192:hB8vIGNu4q7E2q1To+uM+SqIWqdGukegYr4/:hcc4O91q2erk/
- Score: 3/10
MITRE ATT&CK Enterprise v15 (technique: number of matching tasks)

Execution
- Command and Scripting Interpreter: 1
  - JavaScript: 1
- Windows Management Instrumentation: 1

Privilege Escalation
- Boot or Logon Autostart Execution: 1
  - Registry Run Keys / Startup Folder: 1

Defense Evasion
- Direct Volume Access: 1
- Indicator Removal: 2
  - File Deletion: 2
- Modify Registry: 2