General
-
Target
ebd9d85830b4dece8604ee4ccd72d1ab_JaffaCakes118
-
Size
2.8MB
-
Sample
240410-ygk75ahg38
-
MD5
ebd9d85830b4dece8604ee4ccd72d1ab
-
SHA1
57c97b99fec3c8e3b96af38742ac0dd9494f6ae5
-
SHA256
059440fbc87f60e75424846b3843b984e860e27accd2b14c01727e259ce38d48
-
SHA512
f55397575f224ae7aaab206d85f022572f99c62b11a416c25972a53396f42a67c27949d65c70e7c5db4eda0309f6ce2f731235d4c9aa913078128cd9594e3bee
-
SSDEEP
49152:WPpKRy6jLXEi535czox51ekDRMYxcC/ofhU83y2Rep685MQvUH6d:UKRJjT3535cS1eY3EJJ3y2C6cWk
Static task
static1
Behavioral task
behavioral1
Sample
ebd9d85830b4dece8604ee4ccd72d1ab_JaffaCakes118.exe
Resource
win7-20240221-en
Malware Config
Extracted
bitrat
1.38
snkno.duckdns.org:43413
-
communication_password
827ccb0eea8a706c4c34a16891f84e7b
-
tor_process
tor
Targets
-
-
Target
ebd9d85830b4dece8604ee4ccd72d1ab_JaffaCakes118
-
Size
2.8MB
-
MD5
ebd9d85830b4dece8604ee4ccd72d1ab
-
SHA1
57c97b99fec3c8e3b96af38742ac0dd9494f6ae5
-
SHA256
059440fbc87f60e75424846b3843b984e860e27accd2b14c01727e259ce38d48
-
SHA512
f55397575f224ae7aaab206d85f022572f99c62b11a416c25972a53396f42a67c27949d65c70e7c5db4eda0309f6ce2f731235d4c9aa913078128cd9594e3bee
-
SSDEEP
49152:WPpKRy6jLXEi535czox51ekDRMYxcC/ofhU83y2Rep685MQvUH6d:UKRJjT3535cS1eY3EJJ3y2C6cWk
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-