Overview

overview

10

Static

static

10

f2187dc6a7...18.exe

windows7-x64

9

f2187dc6a7...18.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118

  • Size

    13KB

  • Sample

    241215-d5pj8sspdz

  • MD5

    f2187dc6a727dc6acd947d4f0daf057a

  • SHA1

    ce01fbee72e2a99f43c693131e50f804d99e9ca4

  • SHA256

    b31b3d847be6d345f5ab196c773957a6ff3a9e138897c02e0e29b753c6e75e0f

  • SHA512

    774aceb5ae4ec8d621db614163d7d32889d06d12ed6594df110b59abb73c105bb44292d77a3e89ffef7cc1be7b889bf18d2dc967c11b76f80aa9a91d376cd0b0

  • SSDEEP

    192:J/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjaGpsHcxUw4h+lfPtRMHl7Qul:JebFNw4Pk1itKkpAjjJs6B40WHzl

Score
10/10
xoristdiscoveryransomwarespywarestealer

Malware Config

Targets

    • Target

      f2187dc6a727dc6acd947d4f0daf057a_JaffaCakes118

    • Size

      13KB

    • MD5

      f2187dc6a727dc6acd947d4f0daf057a

    • SHA1

      ce01fbee72e2a99f43c693131e50f804d99e9ca4

    • SHA256

      b31b3d847be6d345f5ab196c773957a6ff3a9e138897c02e0e29b753c6e75e0f

    • SHA512

      774aceb5ae4ec8d621db614163d7d32889d06d12ed6594df110b59abb73c105bb44292d77a3e89ffef7cc1be7b889bf18d2dc967c11b76f80aa9a91d376cd0b0

    • SSDEEP

      192:J/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjaGpsHcxUw4h+lfPtRMHl7Qul:JebFNw4Pk1itKkpAjjJs6B40WHzl

    Score
    9/10
    ransomwarespywarestealerdiscovery

    • Renames multiple (3056) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks