Extracted

• • Target

    290c7dfb01e50cea9e19da81a781af2c_JaffaCakes118

  • Size

    190KB

  • MD5

    290c7dfb01e50cea9e19da81a781af2c

  • SHA1

    8a52c7645ec8fd6c217dfe5491461372acc4e849

  • SHA256

    53b1c1b2f41a7fc300e97d036e57539453ff82001dd3f6abf07f4896b1f9ca22

  • SHA512

    be2f45b5cc110bc9c4e61723eb111e53d70f3e32757915a9a945589a5296e3a667afdf5978f7002869005f961d705058ffafd2076d44471b7826237c76e11d4d

  • SSDEEP

    3072:iZ0eFVz8q3Ab6BNx6GmZd9WAT4uY59oVU9FLBD9VK+gvPXCX8l9:i+eFVz8qTz6GmZjBUuC9HJDTKGY

  Score

  10^/10

  conticredential_accessdiscoveryransomwarespywarestealer

  • Conti Ransomware

    Ransomware generally thought to be a successor to Ryuk.

    ransomwareconti

  • Renames multiple (7972) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Credentials from Password Stores: Windows Credential Manager

    Suspicious access to Credentials History.

    credential_accessstealer

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  behavioral1behavioral2