General
-
Target
eb8ef81aa90adb59843cb2f1ae29f6a9_JaffaCakes118
-
Size
268KB
-
Sample
240410-vjshfaee32
-
MD5
eb8ef81aa90adb59843cb2f1ae29f6a9
-
SHA1
604346cee0a583ac4a05f13c77af6a9b54bfca9e
-
SHA256
1c8ac9c57b64711376919b6c1150ac49d046d19d64bcd20d2e403c52ae209bd6
-
SHA512
78c67d3d3b219a88370def3c3c0468bfc3cde4a9df3b29e196d0b0930576a7dc49d42657d6da4f06168d03871ab41c899e87594d5939a8cb0f474db64a5e2b9c
-
SSDEEP
6144:j1ypgwVGt1e6Ezufw6K6hQtgLB1XHE9g+koz+ZcIf:htAVufw63hQtyB1XE9Oozd
Static task
static1
Behavioral task
behavioral1
Sample
eb8ef81aa90adb59843cb2f1ae29f6a9_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
eb8ef81aa90adb59843cb2f1ae29f6a9_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
Score
10/10
-
Modifies WinLogon for persistence
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Suspicious use of SetThreadContext
-