General
-
Target
1db7e8b7967cf16097d1249568cac2c8_JaffaCakes118
-
Size
15.9MB
-
Sample
240329-krnjcadd81
-
MD5
1db7e8b7967cf16097d1249568cac2c8
-
SHA1
bafbe94cf6cb1fb91f9864878fec403048a3e00f
-
SHA256
02bda607e6ebed76ff24b8c404f467bd6c7bd55ebb2d4905e9bc6b72a06606ef
-
SHA512
f37c73c698b1a56509401ff2a4cf0d178cd77e499a6ac8a6d970b743842ee21c9bec62c363d3d31dd516fbe5605956acd3eabca4ef8ebb16105c3ebc6a549320
-
SSDEEP
393216:tg7ung7ung7ung7ung7ung7ung7ung7uN:mSgSgSgSgSgSgSgSN
Malware Config
Targets
-
-
Target
1db7e8b7967cf16097d1249568cac2c8_JaffaCakes118
-
Size
15.9MB
-
MD5
1db7e8b7967cf16097d1249568cac2c8
-
SHA1
bafbe94cf6cb1fb91f9864878fec403048a3e00f
-
SHA256
02bda607e6ebed76ff24b8c404f467bd6c7bd55ebb2d4905e9bc6b72a06606ef
-
SHA512
f37c73c698b1a56509401ff2a4cf0d178cd77e499a6ac8a6d970b743842ee21c9bec62c363d3d31dd516fbe5605956acd3eabca4ef8ebb16105c3ebc6a549320
-
SSDEEP
393216:tg7ung7ung7ung7ung7ung7ung7ung7uN:mSgSgSgSgSgSgSgSN
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-