General
-
Target
f04f786239875252b9f051c7a26a32e5_JaffaCakes118
-
Size
14.6MB
-
Sample
240415-e4mjxsha8z
-
MD5
f04f786239875252b9f051c7a26a32e5
-
SHA1
6aadc2d82f7c210ee366ced36c8abd01a1533500
-
SHA256
99259985cf1a4857ec1f009ccab8a757018feb2298b058cffb92862f1f603f2e
-
SHA512
221e9ca818d4ed3e2278b5f425f3d122179e9ff6a1c0432905cb61fe85c78d45d6bc7d518c4572e27ecbb3a4be317097f327dbb382d9fca1ac3112277e93703f
-
SSDEEP
49152:4NS3S3S3S3S3S3S3S3S3S3S3S3S3S3S3S3S3S3S3S3S3S3S3S3S3S3S3S3S3S3SH:4
Static task
static1
Behavioral task
behavioral1
Sample
f04f786239875252b9f051c7a26a32e5_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f04f786239875252b9f051c7a26a32e5_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
tofsee
43.231.4.7
lazystax.ru
Targets
-
-
Target
f04f786239875252b9f051c7a26a32e5_JaffaCakes118
-
Size
14.6MB
-
MD5
f04f786239875252b9f051c7a26a32e5
-
SHA1
6aadc2d82f7c210ee366ced36c8abd01a1533500
-
SHA256
99259985cf1a4857ec1f009ccab8a757018feb2298b058cffb92862f1f603f2e
-
SHA512
221e9ca818d4ed3e2278b5f425f3d122179e9ff6a1c0432905cb61fe85c78d45d6bc7d518c4572e27ecbb3a4be317097f327dbb382d9fca1ac3112277e93703f
-
SSDEEP
49152:4NS3S3S3S3S3S3S3S3S3S3S3S3S3S3S3S3S3S3S3S3S3S3S3S3S3S3S3S3S3S3SH:4
Score10/10-
Creates new service(s)
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2