General

  • Target

    e158c8d6310112291938e5c2c181e241_JaffaCakes118

  • Size

    150KB

  • Sample

    241211-n2x3bawkfq

  • MD5

    e158c8d6310112291938e5c2c181e241

  • SHA1

    01c66023ab6aec3cda5143642f3a15077238a8fb

  • SHA256

    13c5256b9b7aa3205d3fe9d20ddf964e1a6fcb4d563b0ed1e106be9ce9d8e3dd

  • SHA512

    2a0dc4b42368561a407f6a15b892551a68aff77197541e3fcec4ff5d4ffd4a8ff1744326dd6f0f5af2765d44bca581c3632406bed0e076e80108c7b413499d18

  • SSDEEP

    1536:AOhiU4NNHgjrqnNqAPRfWmLgpMk9/hOam:R6kjen5JffgpMkx

Malware Config

Targets

    • Renames multiple (2198) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks