Overview

overview

10

Static

static

10

c93ada122f...18.exe

windows7-x64

9

c93ada122f...18.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c93ada122f12b6303430a0d95defed32_JaffaCakes118

  • Size

    12KB

  • Sample

    241205-yxme5awnfr

  • MD5

    c93ada122f12b6303430a0d95defed32

  • SHA1

    3ba1e851cc06c47a3feae223d63814c035d755de

  • SHA256

    17ebf39a6d8b5987e5b582e637003254210394027d0aef13185e0737dff71354

  • SHA512

    ba34e4730a985d9795b7a1fb9c0750380522b80235feeb294eeaef8b793e2dc0f1ac3c4569223f0b178a9761be967547084f2506d8ca0879961caed729f36ebf

  • SSDEEP

    192:J/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjaGpsHcxUw4h+lfPtRMCZgWOS9G:JebFNw4Pk1itKkpAjjJs6B40WCyWOX

Score
10/10
xoristdiscoverypersistenceransomwarespywarestealer

Malware Config

Targets

    • Target

      c93ada122f12b6303430a0d95defed32_JaffaCakes118

    • Size

      12KB

    • MD5

      c93ada122f12b6303430a0d95defed32

    • SHA1

      3ba1e851cc06c47a3feae223d63814c035d755de

    • SHA256

      17ebf39a6d8b5987e5b582e637003254210394027d0aef13185e0737dff71354

    • SHA512

      ba34e4730a985d9795b7a1fb9c0750380522b80235feeb294eeaef8b793e2dc0f1ac3c4569223f0b178a9761be967547084f2506d8ca0879961caed729f36ebf

    • SSDEEP

      192:J/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjaGpsHcxUw4h+lfPtRMCZgWOS9G:JebFNw4Pk1itKkpAjjJs6B40WCyWOX

    Score
    9/10
    discoverypersistenceransomwarespywarestealer

    • Renames multiple (2209) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Drops file in Drivers directory

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks