General

  • Target

    f00774a9eb0843d6661183fff0b1e036_JaffaCakes118

  • Size

    12KB

  • Sample

    241214-wp954szme1

  • MD5

    f00774a9eb0843d6661183fff0b1e036

  • SHA1

    02bbff2a919a856488c83db3f302ad52f4a3cef7

  • SHA256

    36e27fc3d476b9e94813b20e50d6fd88694bf0e4ad4372cec351481e668e1754

  • SHA512

    35d8f208764359ddc780a9a3d16368871822cdd58105b0d733dc787f45ea833f1dc7b40bd6a65f7e9be209de5b35603dca72a963362e681e2a24186316b12b28

  • SSDEEP

    192:m/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRMLzo+xPmfX:mebFNw4Pk1itKkpAjjI2YpdmLzefEda

Malware Config

Targets

    • Renames multiple (2503) files with added filename extension

      This suggests ransomware activity: the sample is encrypting files across the system and appending a new extension to each one it touches.

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Adds Run key to start application

    • Drops file in System32 directory
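
The six behaviour signatures above are what a sandbox's rule engine derives from the file, registry and process events of the run. As an added example (not the sandbox's own rules and not code from the sample), the following Python applies the same heuristics to constructed Sysmon-style events. The rename threshold, the event field names, the directory paths and the browser-profile patterns are assumptions, and the events are made up for the demonstration rather than taken from this run.

```python
"""Sandbox-style triage heuristics for the behaviours listed in this report.
Added example; the events below are constructed, not from the sandbox run."""
import re
from collections import Counter

# Assumed threshold for calling a burst of extension-appending renames
# "mass rename"; the real run saw 2503, far above it.
RENAME_THRESHOLD = 50

# Assumed path and key patterns for the other five signatures.
RUN_KEY_RE = re.compile(
    r"\\software\\microsoft\\windows\\currentversion\\run(once)?(\\|$)", re.I)
DRIVERS_DIR = "c:\\windows\\system32\\drivers\\"
SYSTEM32_DIR = "c:\\windows\\system32\\"
STARTUP_RE = re.compile(r"\\start menu\\programs\\startup\\", re.I)
BROWSER_PROFILE_RE = re.compile(
    r"\\(google\\chrome|microsoft\\edge)\\user data\\"
    r"|\\mozilla\\firefox\\profiles\\", re.I)


def added_extension(src, dst):
    """Return the extension appended to src to form dst, or None.
    'report.docx' -> 'report.docx.locked' yields 'locked';
    'report.docx' -> 'report_final.docx' yields None (stem changed, not an
    added extension, so it must not count towards the ransomware heuristic)."""
    s, d = src.lower(), dst.lower()
    tail = d[len(s):]
    if d.startswith(s + ".") and len(tail) > 1 and "\\" not in tail:
        return tail[1:]
    return None


def triage(events):
    """Run the heuristics over a list of event dicts and return the fired
    signatures (worded as in the report), the rename count and the
    distribution of appended extensions."""
    hits = []
    ext_counter = Counter()
    for ev in events:
        t = ev["type"]
        if t == "file_rename":
            ext = added_extension(ev["src"], ev["dst"])
            if ext:
                ext_counter[ext] += 1
        elif t == "file_create":
            p = ev["path"].lower()
            # Drivers sits under System32, so test the more specific dir first.
            if p.startswith(DRIVERS_DIR):
                hits.append("Drops file in Drivers directory")
            elif p.startswith(SYSTEM32_DIR):
                hits.append("Drops file in System32 directory")
            elif STARTUP_RE.search(p):
                hits.append("Drops startup file")
        elif t == "registry_set" and RUN_KEY_RE.search(ev["key"]):
            hits.append("Adds Run key to start application")
        elif t == "file_read" and BROWSER_PROFILE_RE.search(ev["path"]):
            hits.append("Reads user/profile data of web browsers")
    renamed = sum(ext_counter.values())
    if renamed >= RENAME_THRESHOLD:
        hits.append(f"Renames multiple ({renamed}) files with added filename extension")
    return {"signatures": sorted(set(hits)), "renamed": renamed,
            "extensions": dict(ext_counter)}


def build_sample_events():
    """Constructed events standing in for a sandbox trace (not the real run)."""
    docs = "C:\\Users\\alice\\Documents\\"
    ev = [{"type": "file_rename", "src": f"{docs}doc{i}.docx",
           "dst": f"{docs}doc{i}.docx.locked"} for i in range(60)]
    ev += [
        # benign rename that changes the stem: must not count
        {"type": "file_rename", "src": f"{docs}draft.docx",
         "dst": f"{docs}draft_final.docx"},
        {"type": "file_create", "path": "C:\\Windows\\System32\\drivers\\etc\\hosts.tmp"},
        {"type": "file_create", "path": "C:\\Windows\\System32\\svc.dll"},
        {"type": "file_create", "path": "C:\\Users\\alice\\AppData\\Roaming\\Microsoft"
         "\\Windows\\Start Menu\\Programs\\Startup\\upd.lnk"},
        {"type": "registry_set",
         "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "value": "upd"},
        {"type": "file_read", "path": "C:\\Users\\alice\\AppData\\Local\\Google"
         "\\Chrome\\User Data\\Default\\Login Data"},
    ]
    return ev


if __name__ == "__main__":
    for name in triage(build_sample_events())["signatures"]:
        print(name)
```

The rename heuristic deliberately keys on `dst == src + "." + ext` rather than on any rename, so ordinary edits that change a file's stem do not inflate the count; grouping by appended extension also surfaces the ransomware's marker extension as an IOC without hard-coding it.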

MITRE ATT&CK Enterprise v15

Tasks