General

  • Target

    c669e64cd1558151caa3c12989496da1_JaffaCakes118

  • Size

    12KB

  • Sample

    241205-hj2d5ayqhm

  • MD5

    c669e64cd1558151caa3c12989496da1

  • SHA1

    563b485a0c41f1f9db94002170eb5f38b4297eef

  • SHA256

    c0b62f0a6a1d95428e61904efe29489d97c2b5770d940b483d8c6cd0a14cd7a3

  • SHA512

    70e30fceeabf662ec8df91bcef0fb0117c2939c53099595457298d0a721ddee3a071a7f48c925ca939f371e981a929efd84342154856702f81932777c4a049cd

  • SSDEEP

    192:+/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRMv37Dc:+ebFNw4Pk1itKkpAjjI2YpdmvLD

Targets

    • Renames multiple (2211) files with added filename extension

      This suggests ransomware activity: the sample is encrypting files across the system.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Adds Run key to start application

    • Drops file in System32 directory
