Extracted

• • Target

    a239735cddd49236ae3562d43d83a8e4_JaffaCakes118

  • Size

    2.4MB

  • MD5

    a239735cddd49236ae3562d43d83a8e4

  • SHA1

    35bad8d66c79af9dabdcdd8dcebfc0440efc42a1

  • SHA256

    cd49c58defedd1594ad6c93c1019385e171e10bede1995eecd74540debfd942c

  • SHA512

    34bbfc20d82c4227f9e745f0f7cdb5ce68c684a4a84cde0340fa82601f9340fcb7d21c6060564be8580dcba8c3d1b5a16b28ab6964508e0d1ab994b59a818fef

  • SSDEEP

    49152:czlsjR3QZgRWsu1s8thudV3HGSQFsBL55:Q2aiRWs+1Uo2

  Score

  10^/10

  smaugransomwarespywarestealer

  • Smaug

    Ransomware-as-a-service first seen marketed on forums etc. in early 2020.

    ransomwaresmaug

  • Drops file in Drivers directory

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops file in System32 directory

  behavioral1behavioral2