General
Target: f0571d537fdfb84ba04c35bf28fc6efd_JaffaCakes118
Size: 13.5MB
Sample: 240415-fd541seh27
MD5: f0571d537fdfb84ba04c35bf28fc6efd
SHA1: dd7312afd7271ca7fcda619a8d727028ffb8ba68
SHA256: b7a610c7f989b5fc0b92106990ecf5a79c87d70f18365e2ec5b096e5e3af6379
SHA512: 7f4f75c788014b865497f7cf64c13db8fcc8f4b2211b716baab4d2f0d0b251f7110b598694e984b6d1cf8572323f35ea6d61100f52fbb0a2cd6cd052c59d8dcc
SSDEEP: 24576:YjDuKnh7YzbKBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBb:Ynh
Static task: static1
Behavioral task: behavioral1
Sample: f0571d537fdfb84ba04c35bf28fc6efd_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: f0571d537fdfb84ba04c35bf28fc6efd_JaffaCakes118.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted
tofsee
defeatwax.ru
refabyd.info
Targets
Target: f0571d537fdfb84ba04c35bf28fc6efd_JaffaCakes118
Size: 13.5MB
MD5: f0571d537fdfb84ba04c35bf28fc6efd
SHA1: dd7312afd7271ca7fcda619a8d727028ffb8ba68
SHA256: b7a610c7f989b5fc0b92106990ecf5a79c87d70f18365e2ec5b096e5e3af6379
SHA512: 7f4f75c788014b865497f7cf64c13db8fcc8f4b2211b716baab4d2f0d0b251f7110b598694e984b6d1cf8572323f35ea6d61100f52fbb0a2cd6cd052c59d8dcc
SSDEEP: 24576:YjDuKnh7YzbKBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBb:Ynh
Score: 10/10
Creates new service(s)
Modifies Windows Firewall
Sets service image path in registry
Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
Deletes itself
Executes dropped EXE
Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
Create or Modify System Process (2): Windows Service (2)
Privilege Escalation
Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
Create or Modify System Process (2): Windows Service (2)