General
Target: ef07bdb06bb72802df7cc3e7ebb13014_JaffaCakes118
Size: 1.4MB
Sample: 240412-d386vsdg72
MD5: ef07bdb06bb72802df7cc3e7ebb13014
SHA1: efcb922f43033ea3166fc1fde3d842799faf5552
SHA256: 0438d9333fdb810b6ca113c17017f0051077c542bab7d34646be272f575cc5b7
SHA512: bca9a1759192f83639a606bdd051890eb91bf75206e661a5b380d3f265dc1483c538955e26862ba874da6ae9d394e93490c5de2967ac9f84c42f1b1328bd3c67
SSDEEP: 24576:eTj7ope1XnPzDuPxy3nyjmaRNKMZFHhrFCKezhDgWFdSiA993qz7ea:G7opuPXuM3nomCNnBhCnRdFdSi093qXN
Behavioral task: behavioral1
Sample: ef07bdb06bb72802df7cc3e7ebb13014_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config
Extracted family: socelars
Extracted C2 URLs:
http://www.iyiqian.com/
http://www.xxhufdc.top/
http://www.uefhkice.xyz/
http://www.wygexde.xyz/
Targets
Target: ef07bdb06bb72802df7cc3e7ebb13014_JaffaCakes118
Size: 1.4MB
MD5: ef07bdb06bb72802df7cc3e7ebb13014
SHA1: efcb922f43033ea3166fc1fde3d842799faf5552
SHA256: 0438d9333fdb810b6ca113c17017f0051077c542bab7d34646be272f575cc5b7
SHA512: bca9a1759192f83639a606bdd051890eb91bf75206e661a5b380d3f265dc1483c538955e26862ba874da6ae9d394e93490c5de2967ac9f84c42f1b1328bd3c67
SSDEEP: 24576:eTj7ope1XnPzDuPxy3nyjmaRNKMZFHhrFCKezhDgWFdSiA993qz7ea:G7opuPXuM3nomCNnBhCnRdFdSi093qXN
Signatures
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
Drops Chrome extension
Legitimate hosting services abused for malware hosting/C2
Looks up geolocation information via web service: uses a legitimate geolocation service to find the infected system's geolocation info.