Extracted

• • Target

    520d488564da102f5482fcfdcdbd266a_JaffaCakes118

  • Size

    1.6MB

  • MD5

    520d488564da102f5482fcfdcdbd266a

  • SHA1

    45deee8360e5af17ca04f4bc0fd2c52ae92eb9f0

  • SHA256

    e7969800b4ea77a3719a6ba3127bd561a439323d75f6d61e22e5c64b316768c7

  • SHA512

    e2c4f46dcf40b8f03bc9fbe0f0cecf933d2825788b0e9f270e7e7ae8a60174d1b7fc778870aa7ce7ba5cb464f28cc5842d043fc93535921749d186e414f51906

  • SSDEEP

    49152:IF/dnNIXDMIHun5tfySS2wMyw4jVrAGuM2:

  Score

  10^/10

  contiransomwarespywarestealer

  • Conti Ransomware

    Ransomware generally thought to be a successor to Ryuk.

    ransomwareconti

  • Renames multiple (7909) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  behavioral1behavioral2