General

Target: f5ecda7dd8bb1c514f93c09cea8ae00d_JaffaCakes118
Size: 777KB
Sample: 240925-nqwecawfnb
MD5: f5ecda7dd8bb1c514f93c09cea8ae00d
SHA1: f5e03c44b584367241cbd2152fbd99fcc9ccd43f
SHA256: 4080402553e9a86e954c1d9b7d0bb059786f52aba4a179a5d00e219500c8f43d
SHA512: 6ba2928825cced798d61cd1880525cbed4aeb79b04b4ec050e9657dfe06a95c7df3dc663dfc0f71c306af05a1dce1c764a27c4e0662719a7ba1f370af3aeb7d9
SSDEEP: 12288:v4wMnyVrf59Kyh+exQk0wc5xQZkosR8uMS19dLz6f:v4dWmyh+jk1cHQZauxS19dLz6f
Static task: static1

Behavioral task: behavioral1
Sample: f5ecda7dd8bb1c514f93c09cea8ae00d_JaffaCakes118.exe
Resource (sandbox VM image): win7-20240708-en

Behavioral task: behavioral2
Sample: f5ecda7dd8bb1c514f93c09cea8ae00d_JaffaCakes118.exe
Resource (sandbox VM image): win10v2004-20240802-en
Malware Config

Extracted from: C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\DECRYPT-FILES.txt
Family: maze
URLs:
http://aoacugmutagkwctu.onion/888a0996ac713d6a
https://mazedecrypt.top/888a0996ac713d6a

Extracted from: C:\$Recycle.Bin\DECRYPT-FILES.txt
Family: maze
URLs:
http://aoacugmutagkwctu.onion/86d4096bfc4623b5
https://mazedecrypt.top/86d4096bfc4623b5

Both recovered notes point at the same Tor hidden service and the same clearnet mirror; the only difference between them is the 16-hex-character per-victim identifier that ends each URL (888a0996ac713d6a in one note, 86d4096bfc4623b5 in the other).
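The config extraction above boils down to pulling the contact URLs and the per-victim ID out of each DECRYPT-FILES.txt and checking that one note agrees with itself. The following is an added example of that extraction, not code from the sandbox or from the report; it takes only the two URL pairs and the two note paths from the report, the surrounding note text is constructed filler, and treating mazedecrypt.top as the family marker is an assumption made for the example.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Payment/contact URL shape as it appears in the report: scheme, host, then a
# 16-hex-character victim ID as the only path component.
URL_RE = re.compile(r"https?://[A-Za-z0-9.-]+/(?P<vid>[0-9a-f]{16})\b")

# Hosts taken as a family marker (assumption for this example). The .onion
# hostname is treated as per-campaign infrastructure rather than a marker.
FAMILY_HOSTS = {"mazedecrypt.top": "maze"}


def extract_config(note_text: str) -> dict:
    """Pull family, victim ID and URLs out of one ransom note.

    Raises ValueError when the note has no URLs or when its URLs disagree on
    the victim ID, so a mis-parsed or tampered note is not silently accepted.
    """
    urls, vids = [], set()
    for m in URL_RE.finditer(note_text):
        urls.append(m.group(0))
        vids.add(m.group("vid"))
    if not urls:
        raise ValueError("no payment/contact URLs found in note")
    if len(vids) != 1:
        raise ValueError(f"conflicting victim IDs in one note: {sorted(vids)}")

    hosts = [urlparse(u).hostname for u in urls]
    family = next((FAMILY_HOSTS[h] for h in hosts if h in FAMILY_HOSTS), "unknown")
    return {
        "family": family,
        "victim_id": vids.pop(),
        "urls": urls,
        "onion_hosts": sorted({h for h in hosts if h.endswith(".onion")}),
    }


def summarize_notes(notes: dict) -> dict:
    """Map each victim ID to the note paths that carry it.

    `notes` maps a file path to the note's text. Run over every
    DECRYPT-FILES.txt found on a host, this shows whether one infection
    (one ID) or several (several IDs) wrote the notes.
    """
    by_id = defaultdict(list)
    for path, text in notes.items():
        by_id[extract_config(text)["victim_id"]].append(path)
    return dict(by_id)


# Constructed note texts for this example. Only the URLs come from the
# report's Malware Config section; the leading sentence is filler.
NOTE_A = (
    "Your files are encrypted. Contact us at one of the addresses below.\n"
    "http://aoacugmutagkwctu.onion/888a0996ac713d6a\n"
    "https://mazedecrypt.top/888a0996ac713d6a\n"
)
NOTE_B = NOTE_A.replace("888a0996ac713d6a", "86d4096bfc4623b5")
# Keys are the two extraction paths the report lists.
NOTES = {
    r"C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\DECRYPT-FILES.txt": NOTE_A,
    r"C:\$Recycle.Bin\DECRYPT-FILES.txt": NOTE_B,
}

if __name__ == "__main__":
    for path, text in NOTES.items():
        print(path, "->", extract_config(text))
    print(summarize_notes(NOTES))
```

The two-ID check is the part worth keeping when adapting this to other families: a single note whose URLs carry different IDs almost always means the regex is matching something other than the payment link, and it is better to fail loudly than to log a wrong victim ID.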
Targets

Target: f5ecda7dd8bb1c514f93c09cea8ae00d_JaffaCakes118
Size: 777KB
Hashes: MD5, SHA1, SHA256, SHA512 and SSDEEP identical to those listed under General above.
Signatures

- Deletes shadow copies (ATT&CK T1490, Inhibit System Recovery): ransomware routinely destroys Volume Shadow Copies and other backups so that the victim cannot restore files without paying.
- Credentials from Password Stores: Windows Credential Manager (ATT&CK T1555.004): suspicious access to Credentials History.
- Drops startup file (ATT&CK T1547.001): a file written to a Startup folder, a common way to run again at the next logon.
- Sets desktop wallpaper using registry (ATT&CK T1491.001, Internal Defacement): the wallpaper is changed through the registry, typically to display the ransom demand.
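The "Deletes shadow copies" signature fires on process behaviour, and the same behaviour is what an endpoint detection should key on. The following is an added example of that detection logic, not code from the sandbox or the report: it runs a small set of command-line rules over constructed process-creation events (the field names follow Sysmon event ID 1; the sample.exe path and every event are invented for the example). The rules cover the commonly seen ways of destroying shadow copies or disabling recovery; the report does not say which variant this sample used.

```python
import re
from pathlib import PureWindowsPath

# Command-line patterns that destroy or shrink Volume Shadow Copies, delete
# backups, or turn off Windows recovery. Patterns are applied to a lower-cased,
# whitespace-collapsed command line.
RULES = [
    ("vssadmin_delete_shadows", r"vssadmin(\.exe)?\b.*\bdelete\b.*\bshadows\b"),
    ("vssadmin_resize_shadowstorage", r"vssadmin(\.exe)?\b.*\bresize\b.*\bshadowstorage\b.*maxsize"),
    ("wmic_shadowcopy_delete", r"wmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b"),
    ("powershell_win32_shadowcopy_delete", r"win32_shadowcopy\b.*(\bdelete\b|remove-wmiobject|remove-ciminstance)"),
    ("wbadmin_delete_backups", r"wbadmin(\.exe)?\b.*\bdelete\b.*\b(catalog|systemstatebackup)\b"),
    ("bcdedit_disable_recovery", r"bcdedit(\.exe)?\b.*(\brecoveryenabled\b\s+no\b|bootstatuspolicy\s+ignoreallfailures)"),
]
COMPILED = [(name, re.compile(pat)) for name, pat in RULES]

# Parents from which an administrator would plausibly run these tools by hand.
INTERACTIVE_PARENTS = {"cmd.exe", "powershell.exe", "pwsh.exe", "explorer.exe", "mmc.exe"}


def normalize(command_line: str) -> str:
    """Lower-case and collapse whitespace so matching is case-insensitive and
    not defeated by padding between arguments."""
    return re.sub(r"\s+", " ", command_line).strip().lower()


def detect(events: list) -> list:
    """Return one finding per event whose command line matches a rule.

    Each event is a dict with 'image', 'parent_image' and 'command_line'.
    The parent is recorded because ransomware normally spawns these tools
    itself; a parent that is not an interactive shell raises confidence.
    """
    findings = []
    for ev in events:
        cmd = normalize(ev["command_line"])
        for name, rx in COMPILED:
            if rx.search(cmd):
                parent = PureWindowsPath(ev.get("parent_image", "")).name.lower()
                findings.append({
                    "rule": name,
                    "image": ev["image"],
                    "parent_image": ev.get("parent_image", ""),
                    "command_line": ev["command_line"],
                    "suspicious_parent": parent not in INTERACTIVE_PARENTS,
                })
                break  # first matching rule is enough for one event
    return findings


# Constructed process-creation events for this example (not from the report).
SAMPLE_EXE = r"C:\Users\victim\AppData\Local\Temp\sample.exe"
SYS32 = r"C:\Windows\System32"
EVENTS = [
    {"image": rf"{SYS32}\vssadmin.exe", "parent_image": SAMPLE_EXE,
     "command_line": "vssadmin.exe Delete Shadows /All /Quiet"},
    {"image": rf"{SYS32}\wbem\wmic.exe", "parent_image": SAMPLE_EXE,
     "command_line": "wmic.exe shadowcopy delete"},
    {"image": rf"{SYS32}\WindowsPowerShell\v1.0\powershell.exe", "parent_image": SAMPLE_EXE,
     "command_line": 'powershell.exe -NoProfile -Command "Get-WmiObject Win32_ShadowCopy | ForEach-Object { $_.Delete() }"'},
    {"image": rf"{SYS32}\vssadmin.exe", "parent_image": SAMPLE_EXE,
     "command_line": "vssadmin.exe Resize ShadowStorage /For=C: /On=C: /MaxSize=401MB"},
    {"image": rf"{SYS32}\bcdedit.exe", "parent_image": SAMPLE_EXE,
     "command_line": "bcdedit.exe /set {default} recoveryenabled No"},
    {"image": rf"{SYS32}\wbadmin.exe", "parent_image": SAMPLE_EXE,
     "command_line": "wbadmin.exe delete catalog -quiet"},
    # Benign administrative activity that must not fire.
    {"image": rf"{SYS32}\vssadmin.exe", "parent_image": rf"{SYS32}\cmd.exe",
     "command_line": "vssadmin.exe List Shadows"},
    {"image": rf"{SYS32}\wbem\wmic.exe", "parent_image": rf"{SYS32}\cmd.exe",
     "command_line": "wmic.exe os get caption"},
    {"image": rf"{SYS32}\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": rf"{SYS32}\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe Get-WmiObject Win32_ShadowCopy"},
]

if __name__ == "__main__":
    for f in detect(EVENTS):
        print(f["rule"], "| suspicious parent:", f["suspicious_parent"], "|", f["command_line"])
```

Listing shadow copies is left alone on purpose: the destructive verbs (delete, resize with a tiny MaxSize, recoveryenabled No) are what separate recovery inhibition from routine administration, and the parent-process field is the cheapest extra signal for telling an interactive admin from a payload.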