General
Target: 730ca73a23dd70b2edf3712e4d03db1c_JaffaCakes118
Size: 1.1MB
Sample: 240401-rd5c9sgb92
MD5: 730ca73a23dd70b2edf3712e4d03db1c
SHA1: 48d8ff863d43bde2614ae387841135d1b33e66da
SHA256: bf58ef24dd79c02522163be7d8e523cecb2be8daf30e98fd6673d583cbc9e74b
SHA512: 454b6caad5539489cbbce8efd34a2ec03b6ce38490c6c3d05f18c8825c1d70e98b1efc5974ebf92213c292d782e55abad2e1ddd0130d0ad7d2c33336a1c98f8a
SSDEEP: 24576:4Am1pTsWeU8tV+VwKYs1tRS+7SPFL3EOGTWqG5QVEzAJ24GOy2ipi8z71aaDpZBG:4AmbTsWeU8tV+VwKYs1tRX7SPFL3EOGQ
Static task: static1
Behavioral task: behavioral1
Sample: 730ca73a23dd70b2edf3712e4d03db1c_JaffaCakes118.dll
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 730ca73a23dd70b2edf3712e4d03db1c_JaffaCakes118.dll
Resource: win10v2004-20240226-en
Malware Config
Targets
Target: 730ca73a23dd70b2edf3712e4d03db1c_JaffaCakes118
Score: 10/10

Bazar/Team9 Loader payload

Blocklisted process makes network request

Tries to connect to .bazar domain
Attempts to look up or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.

Unexpected DNS network traffic destination
Network traffic to servers other than the configured DNS servers was detected on the DNS port.