General
Target: JaffaCakes118_8af1cb2cc60741dbac95ed339a403bcc
Size: 644KB
Sample: 250328-x3kytasj14
MD5: 8af1cb2cc60741dbac95ed339a403bcc
SHA1: 82ea9ea3eeb7428d3ae47dd2e505070364589f75
SHA256: 840fb5ee19fc8d0ce9ac390ee71a3ee53cfcff5b3978d56c06c2ac981ec414e3
SHA512: 8d27134dceb3d9378422caf695cf0ca814cd65bb334d51a96a271a2b79285639e3be6866896337b6e139b9353016cf0f6955289ae28679a5573516bb618f12fc
SSDEEP: 6144:T82p4pFHfzMepymgWPnviP6Koa0nArn20l96tCF2eKNBDRlC8HQQDhy5OwbY6ilV:Hp4pNfz3ymJnJ8QCFkxCaQTOllyu
Static task: static1
Behavioral task: behavioral1
  Sample: JaffaCakes118_8af1cb2cc60741dbac95ed339a403bcc.exe
  Resource: win7-20241010-en
Behavioral task: behavioral2
  Sample: JaffaCakes118_8af1cb2cc60741dbac95ed339a403bcc.exe
  Resource: win10v2004-20250314-en
Malware Config
Targets
Target: JaffaCakes118_8af1cb2cc60741dbac95ed339a403bcc
Size: 644KB
Score: 10/10
- Modifies WinLogon for persistence
- Renames multiple (91) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Drops startup file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory