General
Target: JaffaCakes118_1c37c947943a928e5378931ca23d3379
Size: 2.0MB
Sample: 241231-py4w5atkaq
MD5: 1c37c947943a928e5378931ca23d3379
SHA1: 570eead825c666609b7f7d94de4ff90a86cacb94
SHA256: 217d101b037020cbcdd9fb7e67b2dae7ed3e8467b0dad1ca1ac0a160dc39fb48
SHA512: 70b16ed622c6cbf75e1e20c08f6415e0ed055c1b1ac9528e98713079bc93eefde4c67a06b8ba20265eafeeb7eb25c21c20f6d74ad00896533638ef6759683ace
SSDEEP: 49152:0/PdqNddtNfBTXtF7tcEXwNBn+fxl7LI4mfe7mEttebsA8EnqN2U:0/PQNdjjtF7rSn+7LCfLE/eJH
Static task: static1
Behavioral task: behavioral1
  Sample: JaffaCakes118_1c37c947943a928e5378931ca23d3379.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: JaffaCakes118_1c37c947943a928e5378931ca23d3379.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted
  Path: C:\Program Files (x86)\readme.txt
  Family: conti
  URLs:
    http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/
    https://contirecovery.best
Targets
Target: JaffaCakes118_1c37c947943a928e5378931ca23d3379
Size: 2.0MB
MD5: 1c37c947943a928e5378931ca23d3379
SHA1: 570eead825c666609b7f7d94de4ff90a86cacb94
SHA256: 217d101b037020cbcdd9fb7e67b2dae7ed3e8467b0dad1ca1ac0a160dc39fb48
SHA512: 70b16ed622c6cbf75e1e20c08f6415e0ed055c1b1ac9528e98713079bc93eefde4c67a06b8ba20265eafeeb7eb25c21c20f6d74ad00896533638ef6759683ace
SSDEEP: 49152:0/PdqNddtNfBTXtF7tcEXwNBn+fxl7LI4mfe7mEttebsA8EnqN2U:0/PQNdjjtF7rSn+7LCfLE/eJH
Signatures
- Conti family
- Renames multiple (8016) files with added filename extension. This suggests ransomware activity of encrypting all the files on the system.
- Credentials from Password Stores: Windows Credential Manager. Suspicious access to Credentials History.
- Drops startup file
- Drops desktop.ini file(s)
MITRE ATT&CK Enterprise v15
Credential Access
  Credentials from Password Stores (2)
    Credentials from Web Browsers (1)
    Windows Credential Manager (1)
  Unsecured Credentials (1)
    Credentials In Files (1)