Behavioral task: behavioral1
Sample: ee4e9c3c115fb8d14fbc59bdfa74d60e_JaffaCakes118.html
Resource: win7-20240221-en (windows7-x64)
4 signatures, 150 seconds

Behavioral task: behavioral2
Sample: ee4e9c3c115fb8d14fbc59bdfa74d60e_JaffaCakes118.html
Resource: win10v2004-20231215-en (windows10-2004-x64)
6 signatures, 150 seconds
General
Target: ee4e9c3c115fb8d14fbc59bdfa74d60e_JaffaCakes118
Size: 4KB
MD5: ee4e9c3c115fb8d14fbc59bdfa74d60e
SHA1: 663a62b2b12aac4cd499b0f1335bf38cecba711a
SHA256: af983738e866380d0a4cadd7dc1015643613abc17cc4c13e171e49d8642167c6
SHA512: 0e0cc5903bcdd3073a52ec7ef635f404e780540cc58d9931e095adfa4cadc8d41ab5c2119e59a9801a1abc87d18bd8cef586f6aeced7254f12d021ba9381fd40
SSDEEP: 96:8y+cAl5azln+DtZogCrfd4mPaYM+ViKFe8LDmUbbSOSVIj2:8OAl0z8DjyDdnaT+IKYQDmZ
Score: 10/10
Malware Config
Extracted
Family: medusalocker
Ransom Note
Your personal ID:
/!\ YOUR COMPANY NETWORK HAS BEEN PENETRATED /!\
All your important files have been encrypted!
Your files are safe! Only modified. (RSA+AES)
ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE
WILL PERMANENTLY CORRUPT IT.
DO NOT MODIFY ENCRYPTED FILES.
DO NOT RENAME ENCRYPTED FILES.
No software available on internet can help you. We are the only ones able to
solve your problem.
We gathered highly confidential/personal data. These data are currently stored on
a private server. This server will be immediately destroyed after your payment.
If you decide to not pay, we will release your data to public or re-seller.
So you can expect your data to be publicly available in the near future..
We only seek money and our goal is not to damage your reputation or prevent
your business from running.
You will can send us 2-3 non-important files and we will decrypt it for free
to prove we are able to give your files back.
Contact us for price and get decryption software.
qd7pcafncosqfqu3ha6fcx4h6sr7tzwagzpcdcnytiw3b6varaeqv5yd.onion
* Note that this server is available via Tor browser only
Follow the instructions to open the link:
1. Type the addres "https://www.torproject.org" in your Internet browser. It opens the Tor site.
2. Press "Download Tor", then press "Download Tor Browser Bundle", install and run it.
3. Now you have Tor browser. In the Tor Browser open qd7pcafncosqfqu3ha6fcx4h6sr7tzwagzpcdcnytiw3b6varaeqv5yd.onion
4. Start a chat and follow the further instructions.
If you can not use the above link, use the email:
[email protected] m [email protected]
* To contact us, create a new free email account on the site: protonmail.com
IF YOU DON'T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER.
Emails
Signatures
Medusalocker family
Files
ee4e9c3c115fb8d14fbc59bdfa74d60e_JaffaCakes118.html