Extracted

• • Target

    d9fc3b845454f7588b0f48b017fb9a50_JaffaCakes118

  • Size

    1.0MB

  • MD5

    d9fc3b845454f7588b0f48b017fb9a50

  • SHA1

    17de143a193969b85902fa54c1554410dcf72b06

  • SHA256

    1fe2341438aea4b0427f3f2808918b6ef00bf742bc903e94022c7f73df914ed4

  • SHA512

    bb11d7ad5d6f426b23c459d130c8962c66a70fa5d6df35ffbf2bc51ae619dc94bb9bccd990d0856a6a5ca40f0a3d5519b7f0dd075fc9e1a65f846a4a72a7449c

  • SSDEEP

    24576:m2g8AFUAEUM91zfwVPIl6Mw3C1tvIgOB9Af8P2rU:+FUB9wRMUYL8P2rU

  Score

  10^/10

  ctblockerdefense_evasiondiscoveryexecutionimpactransomware

  • CTB-Locker

    Ransomware family which uses Tor to hide its C2 communications.

    ransomwarectblocker

  • Ctblocker family

    ctblocker

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Drops desktop.ini file(s)

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1behavioral2