General
Target: d35381609a7837b54625620b260ceba0_JaffaCakes118
Size: 580KB
Sample: 240405-pbmpbsbe51
MD5: d35381609a7837b54625620b260ceba0
SHA1: e2a849cd29fe4584fe183ec4a3d231b96c11510f
SHA256: e451310ccd2dc212d3c4233ef75c6bd4a6b238e6ef44119ae4769cac2a2e5f54
SHA512: a12e110cba61403f88f16ce101297d221f29050c5b7111245c73ed6dbd797493d3f96ed18a175106a1f49d57bd628b2e69695c637e624319a848dc513fd3092e
SSDEEP: 12288:Q4gzhRXZrOMlRYpl3U077HwPoTxqLWPiXjJ/whUFT:ehRXZr1ypl3p77QwTUki9/who
Static task: static1
Behavioral task: behavioral1
Sample: d35381609a7837b54625620b260ceba0_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: d35381609a7837b54625620b260ceba0_JaffaCakes118.exe
Resource: win10v2004-20240226-en
Malware Config
Targets
Target: d35381609a7837b54625620b260ceba0_JaffaCakes118
Score: 7/10
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator: detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Suspicious use of SetThreadContext