General
-
Target
ec47b8aaf985ad3281a39343cb9313c6_JaffaCakes118
-
Size
630KB
-
Sample
240411-ae3sdsfa57
-
MD5
ec47b8aaf985ad3281a39343cb9313c6
-
SHA1
928479a37a95a4ab323b357309f1207dbafd8014
-
SHA256
4a21c67a66d46f626e69149edd166be362af67f632003bb02dfbf16d922edf5a
-
SHA512
1de3903de885c465eae26de46ee0bedf5c9ac7c34b8d7835925eefb0129b5c80991f40d0a14f037a055304a8c6a841323b05b88adbbae43848d30f367676bcf6
-
SSDEEP
12288:K3hVul7luUTld5sKWik1EX16I/551c67uoYsInTlamC3zcKiAK71ArE0f:CVSlu+lYik6Iy7zO+3zNbK71A9
Static task
static1
Behavioral task
behavioral1
Sample
NEXT MONTH QUATATION.jar
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
NEXT MONTH QUATATION.jar
Resource
win10v2004-20240226-en
Malware Config
Targets
Target
NEXT MONTH QUATATION.jar
-
Size
630KB
-
MD5
1cb26ec11c4df6bc04d20aae4830a1e8
-
SHA1
829358de0c0cb8d94932fb1183ee6a244efc7c3f
-
SHA256
58c1ba56c322723ffe253d1b17a88006e22e5c6970a75e75d2d6e6f1c2b7982a
-
SHA512
d5cee397d039d909d2b86ab4dc7ec4b49ea617022af32d0dc54f22a010a9f074d933bb795a344ab083f9195d545ed167f56bcdf8d82f574aead8a146d330922d
-
SSDEEP
12288:03hVSl7lusTldtsKWic1EX16X/55Lc67uoYsUnflaDC3zTKiAKX1ArEF:UV2luGl4ic6IL7zUD3zmbKX1A2
Score
10/10
-
Class file contains resources related to AdWind
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Modifies file permissions
-
Adds Run key to start application
-