General
Target: 81ef0f367a7d889e893e758c5ee12490_JaffaCakes118
Size: 173KB
Sample: 240402-dl6dmseg91
MD5: 81ef0f367a7d889e893e758c5ee12490
SHA1: c17cd8dc71f04db0f23a891c9cd17fc2317f3ba0
SHA256: 84a3d149b8cc7ac936938d846b402f397fe5b802e7a569fba3bfbb757b6822a7
SHA512: 1d885cd9ebc895e280a2adc5ce3cc330559b814984b9f23b0d1d536b01ec846c35df94d6a893a252e592b5030c3d6b4849736300b4eef732dc5141953d1b6ef0
SSDEEP: 3072:z85P8Oq1P78nfL8LdRkjbiyui4PWO9LaK8XJuj7PvStrVcY:zMEPus+myurPWyGX4nnS4
Behavioral task: behavioral1
Sample: 81ef0f367a7d889e893e758c5ee12490_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config
Targets
Target: 81ef0f367a7d889e893e758c5ee12490_JaffaCakes118
Async RAT payload
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2