Overview

overview

10

Static

static

1

JaffaCakes...8.html

windows10-ltsc 2021-x64

10

Resubmissions

27-01-2025 16:24

250127-twh9vsxjhy 6

27-01-2025 16:23

250127-tvw5bsxpcl 1

27-01-2025 16:22

250127-tt83haxjcx 1

27-01-2025 16:16

250127-tqthmswqgx 8

27-01-2025 02:40

250127-c5ymgaxndr 10

25-01-2025 04:07

250125-epynmsvndw 4

24-01-2025 16:04

250124-th4cwawmhv 3

22-01-2025 22:00

250122-1wz1yayncr 3

17-01-2025 16:53

250117-vd492sxmdp 3

17-01-2025 16:44

250117-t8sdaswphz 8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_1d93e8597dd860cf81cd913c4b997818

  • Size

    25KB

  • Sample

    250114-vjbvpawjej

  • MD5

    1d93e8597dd860cf81cd913c4b997818

  • SHA1

    a7dacf6a32b194720a87130a16f2222c44f036eb

  • SHA256

    6514b345465786d232a61f8aca8e3b60e2bf8a3e45f237086e55caac0c19cb4d

  • SHA512

    c35592acafe20b18914ba7ee31201faa7534136df292d7c14436fb3bcbdd5f07b96b3b63897509068b8263ec4e12f55e192de027996dac8e63e08712fb891e98

  • SSDEEP

    384:PqlIcCtF4JVGTHyk9v1o99t5W9ISFaTGHx6QckT/gbpLOXguLZ:sZtSF5zg9ExLZ

Score
10/10
chimeradiscoverypersistenceransomware

Malware Config

Targets

    • Target

      JaffaCakes118_1d93e8597dd860cf81cd913c4b997818

    • Size

      25KB

    • MD5

      1d93e8597dd860cf81cd913c4b997818

    • SHA1

      a7dacf6a32b194720a87130a16f2222c44f036eb

    • SHA256

      6514b345465786d232a61f8aca8e3b60e2bf8a3e45f237086e55caac0c19cb4d

    • SHA512

      c35592acafe20b18914ba7ee31201faa7534136df292d7c14436fb3bcbdd5f07b96b3b63897509068b8263ec4e12f55e192de027996dac8e63e08712fb891e98

    • SSDEEP

      384:PqlIcCtF4JVGTHyk9v1o99t5W9ISFaTGHx6QckT/gbpLOXguLZ:sZtSF5zg9ExLZ

    Score
    10/10
    chimeradiscoverypersistenceransomware

    • Chimera

      Ransomware which infects local and network files, often distributed via Dropbox links.

      ransomwarechimera

    • Chimera family

      chimera

    • Contacts a large (4884) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Renames multiple (3305) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks