General
-
Target
ed7143cd20e6a751a175e3129edc0a69_JaffaCakes118
-
Size
983KB
-
Sample
240411-pvx96seg8v
-
MD5
ed7143cd20e6a751a175e3129edc0a69
-
SHA1
bd3ad32fc33d72bb125888afa4f3a6e535985c45
-
SHA256
b3d0cbb916b7dc3ab209eed837f696e4807ecc64e1a26f8a7561d04ed47ce38a
-
SHA512
7c814eaa4156db6b7501a95d137535bb4909d80509558ec668183cd5245d72c1bc6c57a3419344d2c917b430ee45a167df62804ab49aef261031594b20c90dd0
-
SSDEEP
24576:wZ7Xar2VsBq/OQPNovTz9/FJAZ5SzwlYC1Eu1Ech:Us4o9/gZAWYC1EK
Static task
static1
Behavioral task
behavioral1
Sample
ed7143cd20e6a751a175e3129edc0a69_JaffaCakes118.exe
Resource
win7-20240221-en
Malware Config
Targets
-
-
Target
ed7143cd20e6a751a175e3129edc0a69_JaffaCakes118
-
Size
983KB
-
MD5
ed7143cd20e6a751a175e3129edc0a69
-
SHA1
bd3ad32fc33d72bb125888afa4f3a6e535985c45
-
SHA256
b3d0cbb916b7dc3ab209eed837f696e4807ecc64e1a26f8a7561d04ed47ce38a
-
SHA512
7c814eaa4156db6b7501a95d137535bb4909d80509558ec668183cd5245d72c1bc6c57a3419344d2c917b430ee45a167df62804ab49aef261031594b20c90dd0
-
SSDEEP
24576:wZ7Xar2VsBq/OQPNovTz9/FJAZ5SzwlYC1Eu1Ech:Us4o9/gZAWYC1EK
-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-