General

  • Target

    dc87211d948e14a32558129345536648_JaffaCakes118

  • Size

    12KB

  • Sample

    241210-ckmpgavmcp

  • MD5

    dc87211d948e14a32558129345536648

  • SHA1

    6ea4d17c4ed9ba1cff43772c8f1cb142eadf522c

  • SHA256

    5ecd0cd5e48aba41c6f4848633809f5a1e90b5d475adc7892788337a5316e8cc

  • SHA512

    f5892b59ec017779f235693de783eda6dac2fc29af51ab92962f4390490c8df22dce2260d18343104fe678b936856f6e4f901b787ee0962c1335cf0b69db5cc3

  • SSDEEP

    192:y/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRMBSwvf78qm:yebFNw4Pk1itKkpAjjI2YpdmB978M

Malware Config

Targets

    • Renames multiple (2214) files with added filename extension

      Mass renaming that appends a new extension to each file is consistent with ransomware encrypting user data across the system and marking each encrypted file.

    • Drops file in Drivers directory

    • Reads user/profile data of web browsers

      Infostealers often target stored browser profile data, which can include saved credentials, cookies and browsing history.

    • Drops file in System32 directory
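The four signatures above are each a simple heuristic over file-system activity. The following is an added example, not code from the sandbox or from this report, showing how a detection engineer might reproduce those heuristics over a process event log. The event tuples, the process IDs, the `.locked` extension and the rename threshold of 5 are all constructed for the example; the only things taken from the report are the four behaviours being scored.

```python
"""
Toy behavioural scoring over a constructed event log, modelled on the
sandbox signatures listed above: mass rename with an added extension,
file drops in the Drivers / System32 directories, and reads of browser
profile data. Added example; not sandbox or report code.
"""
from collections import defaultdict

# Constructed events: (pid, operation, path, new_path_or_None).
# PID 4100 behaves like the report's sample; PID 900 is a benign process.
SAMPLE_EVENTS = [
    (4100, "rename", r"C:\Users\bob\Documents\report.docx", r"C:\Users\bob\Documents\report.docx.locked"),
    (4100, "rename", r"C:\Users\bob\Documents\budget.xlsx", r"C:\Users\bob\Documents\budget.xlsx.locked"),
    (4100, "rename", r"C:\Users\bob\Pictures\holiday.jpg", r"C:\Users\bob\Pictures\holiday.jpg.locked"),
    (4100, "rename", r"C:\Users\bob\Desktop\notes.txt", r"C:\Users\bob\Desktop\notes.txt.locked"),
    (4100, "rename", r"C:\Users\bob\Music\song.mp3", r"C:\Users\bob\Music\song.mp3.locked"),
    (4100, "rename", r"C:\Users\bob\Videos\clip.mp4", r"C:\Users\bob\Videos\clip.mp4.locked"),
    (4100, "write",  r"C:\Windows\System32\drivers\helper.sys", None),
    (4100, "read",   r"C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Login Data", None),
    (900,  "rename", r"C:\Users\bob\Documents\old.docx", r"C:\Users\bob\Documents\old.docx.bak"),
    (900,  "write",  r"C:\Users\bob\AppData\Local\Temp\scratch.tmp", None),
]

# Assumed threshold: how many appended-extension renames by one process
# before we call it "mass renaming". Real sandboxes tune this empirically.
RENAME_THRESHOLD = 5

SYSTEM32 = r"c:\windows\system32"
DRIVERS = r"c:\windows\system32\drivers"
BROWSER_PROFILE_MARKERS = (
    r"\appdata\local\google\chrome\user data",
    r"\appdata\local\microsoft\edge\user data",
    r"\appdata\roaming\mozilla\firefox\profiles",
)


def added_extension(old, new):
    """True if new == old + '.<ext>': original name kept, one extension appended."""
    o, n = old.lower(), new.lower()
    if not n.startswith(o) or len(n) <= len(o) + 1 or n[len(o)] != ".":
        return False
    tail = n[len(o) + 1:]
    # A tail containing a separator or another dot is a move or a rewrite, not an appended extension.
    return "\\" not in tail and "." not in tail


def analyse(events, rename_threshold=RENAME_THRESHOLD):
    """Return {pid: sorted list of fired signature names} for every flagged process."""
    renames = defaultdict(lambda: defaultdict(int))  # pid -> appended ext -> count
    findings = defaultdict(set)

    for pid, op, path, new_path in events:
        p = path.lower()
        if op == "rename" and new_path and added_extension(path, new_path):
            renames[pid][new_path.lower()[len(p):]] += 1
        elif op in ("write", "create"):
            # Drivers lies inside System32, so both signatures fire on one event, as in the report.
            if p.startswith(DRIVERS + "\\"):
                findings[pid].add("drops_file_in_drivers")
            if p.startswith(SYSTEM32 + "\\"):
                findings[pid].add("drops_file_in_system32")
        elif op == "read" and any(m in p for m in BROWSER_PROFILE_MARKERS):
            findings[pid].add("reads_browser_profile_data")

    for pid, exts in renames.items():
        for ext, count in exts.items():
            if count >= rename_threshold:
                findings[pid].add(f"mass_rename_added_extension:{ext}:{count}")

    return {pid: sorted(sigs) for pid, sigs in findings.items()}


if __name__ == "__main__":
    for pid, sigs in analyse(SAMPLE_EVENTS).items():
        print(pid, sigs)
```

The rename check deliberately requires the original file name to be preserved with exactly one extension appended, so ordinary moves and save-as operations do not count, and the per-extension tally means a process that appends the same marker to many files stands out from one that renames a handful of backups.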

MITRE ATT&CK Enterprise v15

Tasks