General
-
Target
fd0da4f3d8ff91c15da4fb93e8121e21_JaffaCakes118
-
Size
171KB
-
Sample
241218-zjrcla1ldv
-
MD5
fd0da4f3d8ff91c15da4fb93e8121e21
-
SHA1
93890a16d1c0597cd4e92b85b2313d21a8c7d41d
-
SHA256
0943bcbe3e1944034090bd1ac334804f7d5f1205a06182c9a1d52e3e29405a3b
-
SHA512
d9de2b95064cc1dacc79d9a5a7efb7c88e8eab58b96b208744c075583c3bf28b8c49c5276383ac4122211e3bab3ff9bfa02cdf465e77eef5ee7878aeeb0f28b1
-
SSDEEP
3072:uXyJStHyynWJs4JrboEwTdrqwGDSSh3+LT0t9NKKKIs:uYStSyWjv6qwGTq0t9NdU
Behavioral task
behavioral1
Sample
fd0da4f3d8ff91c15da4fb93e8121e21_JaffaCakes118.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
fd0da4f3d8ff91c15da4fb93e8121e21_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
Score
9/10
-
Renames multiple (2169) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory
-
Drops startup file
-
Adds Run key to start application
-
Drops file in System32 directory
-