General

  • Target

    cc21a1139f4c776eadf232306d5aa684_JaffaCakes118

  • Size

    12KB

  • Sample

    241206-kxgmzszkdz

  • MD5

    cc21a1139f4c776eadf232306d5aa684

  • SHA1

    cea71702d3e5dc2f2f611d8b091754b692ea085f

  • SHA256

    2e3926f66c4ed325d3145915efab797e44ad0f58acc291c30637a5267ea615c4

  • SHA512

    cef78d50e62729f77a78d6197773b4611f8b661e415e313f4acd86af8f43abc7c297e185c223d5d8ac98332e1dec957b9ec3028f44675aba93d9611ed3b6bac1

  • SSDEEP

    192:dj7RW0nlABG/3Nfv8tiTV3HGc7EkpAqjEnT6GpsHcxUw4h+lfPtRMNajSX7:zWwB/3N38titKkpAqonTps6B40WNH

Malware Config

Targets

    • Renames multiple (2198) files with added filename extension

      This suggests ransomware activity, i.e. encryption of all the files on the system.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks