General
- Target: cad7af2b2714b813aa083c5e692cd7ba_JaffaCakes118
- Size: 9.0MB
- Sample: 241208-wt38cs1nbx
- MD5: cad7af2b2714b813aa083c5e692cd7ba
- SHA1: 24eb7d428398fb6fe79da729e8ff416b0970d6d8
- SHA256: 7eceee2d481d80031eb26f51bd11fbf9671c123107c83b0100b5dbaaf52ec833
- SHA512: 5f8902b38668bbf17001e47cb5045c590f1d733e00e0dddcdc5f95c883f93afdddac97d3a6f37981b9648869fd3247220d92adef8ca42e6a3b7630ac9300c4b8
- SSDEEP: 768:HOucKn7n1JGDNANIUARbvLDwUzc80gmq3oP/oDE:HO2GDNAPA9r/0O8/o4

Static task
- static1

Behavioral task
- behavioral1
  - Sample: cad7af2b2714b813aa083c5e692cd7ba_JaffaCakes118.exe
  - Resource: win7-20240903-en

Behavioral task
- behavioral2
  - Sample: cad7af2b2714b813aa083c5e692cd7ba_JaffaCakes118.exe
  - Resource: win10v2004-20241007-en
Malware Config

Targets
- Target: cad7af2b2714b813aa083c5e692cd7ba_JaffaCakes118
- Nitro family
- Renames multiple (62) files with added filename extension
  This suggests ransomware activity: encrypting all the files on the system.
- Adds Run key to start application
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Sets desktop wallpaper using registry