Overview

overview

10

Static

static

10

JaffaCakes...a5.exe

windows7-x64

10

JaffaCakes...a5.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_bfaeb628eb811839395ca7bf5ef866a5

  • Size

    2.4MB

  • Sample

    250105-1vlrxsxlfv

  • MD5

    bfaeb628eb811839395ca7bf5ef866a5

  • SHA1

    0146e8ec67756f5ec6d349dc6ac6a1633f360341

  • SHA256

    17c184859f0ba6c44db4b486aeb091ad2dae5f6078816a9b03bc71ad78d97d41

  • SHA512

    cc19310cedebb89891bda9e29b85b6196eee6f50897c73e32d1b4f4b3a0c057fee7363e713e3514eac9eeab1e02b441817ea9ce49169d123db46e7c47f83ca1e

  • SSDEEP

    49152:33j638rQukLXGqRYv+RlbImz4vX9f+pRLftA4n5JxJutIp0C+TYfuosy7WVYpVJe:3KJ3RSmzIX9W/LftT5Jx4IpOTYfuosyM

Score
10/10
snatchcredential_accessdefense_evasiondiscoveryexecutionimpactransomwarespywarestealerupx

Malware Config

Targets

    • Target

      JaffaCakes118_bfaeb628eb811839395ca7bf5ef866a5

    • Size

      2.4MB

    • MD5

      bfaeb628eb811839395ca7bf5ef866a5

    • SHA1

      0146e8ec67756f5ec6d349dc6ac6a1633f360341

    • SHA256

      17c184859f0ba6c44db4b486aeb091ad2dae5f6078816a9b03bc71ad78d97d41

    • SHA512

      cc19310cedebb89891bda9e29b85b6196eee6f50897c73e32d1b4f4b3a0c057fee7363e713e3514eac9eeab1e02b441817ea9ce49169d123db46e7c47f83ca1e

    • SSDEEP

      49152:33j638rQukLXGqRYv+RlbImz4vX9f+pRLftA4n5JxJutIp0C+TYfuosy7WVYpVJe:3KJ3RSmzIX9W/LftT5Jx4IpOTYfuosyM

    Score
    10/10
    snatchcredential_accessdefense_evasiondiscoveryexecutionimpactransomwarespywarestealerupx

    • Detecting the common Go functions and variables names used by Snatch ransomware

    • Snatch Ransomware

      Ransomware family generally distributed through RDP bruteforce attacks.

      ransomwaresnatch

    • Snatch family

      snatch

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomwaredefense_evasionimpactexecution

    • Renames multiple (7867) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to Credentials History.

      credential_accessstealer

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks