General
-
Target
f0ad0a3397a5620fa45fc38eeb867532_JaffaCakes118
-
Size
12.6MB
-
Sample
240415-kkj8cach4v
-
MD5
f0ad0a3397a5620fa45fc38eeb867532
-
SHA1
da69ca4e9e1645754b5661b0b44b45c0fab33b64
-
SHA256
dd658d43c571781fa7b766963ef9299de0fb64d09cdf20f7e8bcd286fefad71f
-
SHA512
e66cd24b252a08b0036e3b3f32ffb7b59384c8e3c0d7d7cdb6f2c4795cb59e9741f3f28bfd5e760a4af69c7eff621776a8c7a1816945f72e5bbb44b319f2af3b
-
SSDEEP
49152:aaafPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP:a
Static task
static1
Behavioral task
behavioral1
Sample
f0ad0a3397a5620fa45fc38eeb867532_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f0ad0a3397a5620fa45fc38eeb867532_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
tofsee
43.231.4.6
lazystax.ru
Targets
-
-
Target
f0ad0a3397a5620fa45fc38eeb867532_JaffaCakes118
-
Size
12.6MB
-
MD5
f0ad0a3397a5620fa45fc38eeb867532
-
SHA1
da69ca4e9e1645754b5661b0b44b45c0fab33b64
-
SHA256
dd658d43c571781fa7b766963ef9299de0fb64d09cdf20f7e8bcd286fefad71f
-
SHA512
e66cd24b252a08b0036e3b3f32ffb7b59384c8e3c0d7d7cdb6f2c4795cb59e9741f3f28bfd5e760a4af69c7eff621776a8c7a1816945f72e5bbb44b319f2af3b
-
SSDEEP
49152:aaafPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP:a
Score10/10-
Creates new service(s)
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2