General
Target: bb01cd684fa5892a7c139647c938df4a_JaffaCakes118
Size: 163KB
Sample: 240404-r3m6aabb43
MD5: bb01cd684fa5892a7c139647c938df4a
SHA1: c6c37897304becfcf297ac11f5070927188c01f3
SHA256: 951019555164f8124390be26019630c6b08a1506929c7e45f8758ea5f82a37c6
SHA512: c0b3a2c154770b0af3644bf2b51f0a89e5d729aaa768504400e43b81a14e1a03e636e2ffda9838ed13633ea1965b35e3af34ad2cf58a8b6ce89d4f60819a4056
SSDEEP: 3072:Efi6x9579IhTOc/0i5n4HWE07OVNqwn7Lcu1AYcY:EfdIPBUWiqw7Lj1AV
Behavioral task
behavioral1
Sample: bb01cd684fa5892a7c139647c938df4a_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config
Targets
Target: bb01cd684fa5892a7c139647c938df4a_JaffaCakes118
-
Async RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-