General

Target: f1efb145c5dda056d48a9442dc04926a_JaffaCakes118
Size: 12.6MB
Sample: 240415-z2rq3sge69
MD5: f1efb145c5dda056d48a9442dc04926a
SHA1: eaebffb29a1611d484e18a11af6dfdabd05fec3e
SHA256: d295cb6824f3b1dee15da5e235dd3af4cd06c839a7c56adf62be284c4763ac7a
SHA512: d3cdac4f2d34d26d8896dfbc6e4b42d7169b8ecb110067846d35bd893c9540613a16eb98409b5e4997d88475be5127237fc58a2d3978285cb6dfba35d70c7902
SSDEEP: 196608:XE/vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvn:XE

Note on the fuzzy hash: an SSDEEP block size of 196608 with a chunk string that is almost entirely one repeated character is consistent with a 12.6MB file made up mostly of identical filler. Padding a small dropper out to this size is a common way to push a sample over the upload or scan limits of AV engines and sandboxes. The cryptographic hashes above identify this exact padded file; expect the meaningful code to be a small fraction of it, and expect SSDEEP comparisons with other padded samples to be dominated by the filler rather than the payload.
Tasks

Static task: static1
Behavioral task: behavioral1 (sample f1efb145c5dda056d48a9442dc04926a_JaffaCakes118.exe, resource win7-20240221-en)
Behavioral task: behavioral2 (sample f1efb145c5dda056d48a9442dc04926a_JaffaCakes118.exe, resource win10v2004-20240412-en)
Malware Config

Extracted family: tofsee
C2: defeatwax.ru
C2: refabyd.info

The family and the two domains come from the configuration the sandbox extracted from the running sample. Tofsee is a long-running spam and proxy botnet; treat both domains as C2 indicators for this sample rather than as generic blocklist entries, since such configs are rotated between builds.
Targets

Target: f1efb145c5dda056d48a9442dc04926a_JaffaCakes118 (12.6MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
Score: 10/10

Signatures:
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence. The value normally consulted for this is the GeoID stored under HKCU\Control Panel\International\Geo\Nation, so a sample that exits on certain countries will not show its payload in a sandbox whose locale matches the excluded list.
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext

Read together, these describe a dropper: the submitted file writes and runs a copy (Executes dropped EXE), removes the original (Deletes itself), and installs the copy as a Windows service whose ImagePath it sets directly in the registry, adding a firewall rule for it. SetThreadContext on another process is the call commonly used to redirect a suspended process's entry point during process hollowing, so the flag points to code injection, though this report does not say which process was targeted.
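As an added example, not part of the sandbox report or of any tool it references, the Python below turns the indicators on this page into something a responder can run: it checks a file against the report's hashes and runs the report's behavioural signatures as simple rules over host-log events in Sysmon / System-log field naming. Only the three hashes and the two Tofsee domains come from the report; the sample events, the service name "svchostupd" and the file paths are constructed for the demonstration.

```python
"""Match a file and a set of host-log events against the indicators in this report."""
import hashlib
import re

# Indicators copied from the report: file hashes and the extracted Tofsee C2 domains.
REPORT_HASHES = {
    "md5": "f1efb145c5dda056d48a9442dc04926a",
    "sha1": "eaebffb29a1611d484e18a11af6dfdabd05fec3e",
    "sha256": "d295cb6824f3b1dee15da5e235dd3af4cd06c839a7c56adf62be284c4763ac7a",
}
C2_DOMAINS = {"defeatwax.ru", "refabyd.info"}


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of a file's bytes."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data: bytes) -> list:
    """Names of the report hashes this file matches (empty list if none)."""
    digests = hash_bytes(data)
    return [algo for algo, value in REPORT_HASHES.items() if digests[algo] == value]


# Each rule maps one line of the report's signature list to a log pattern.
# Events are flat dicts: {"log": "Sysmon"|"System", "id": <event id>, <fields>...}.
# Field names follow Sysmon (Image, CommandLine, TargetObject, QueryName, TargetFilename).
_IMAGEPATH = re.compile(r"\\Services\\[^\\]+\\ImagePath$", re.IGNORECASE)


def rule_new_service(ev):
    # "Creates new service(s)": Service Control Manager 7045, a service was installed.
    return ev["log"] == "System" and ev["id"] == 7045


def rule_service_imagepath(ev):
    # "Sets service image path in registry": Sysmon 13 on ...\Services\<name>\ImagePath.
    return ev["log"] == "Sysmon" and ev["id"] == 13 and bool(_IMAGEPATH.search(ev.get("TargetObject", "")))


def rule_firewall_change(ev):
    # "Modifies Windows Firewall": a process-create event running netsh against the firewall.
    cmd = ev.get("CommandLine", "").lower()
    return ev["log"] == "Sysmon" and ev["id"] == 1 and "netsh" in cmd and "firewall" in cmd


def rule_self_delete(ev):
    # "Deletes itself": Sysmon 23 where the deleted file is the deleting process's own image.
    return (ev["log"] == "Sysmon" and ev["id"] == 23
            and ev.get("TargetFilename", "").lower() == ev.get("Image", "").lower())


def rule_c2_dns(ev):
    # Extracted Tofsee config: Sysmon 22 DNS query for either C2 domain.
    return ev["log"] == "Sysmon" and ev["id"] == 22 and ev.get("QueryName", "").lower() in C2_DOMAINS


RULES = {
    "creates_service": rule_new_service,
    "sets_service_imagepath": rule_service_imagepath,
    "modifies_firewall": rule_firewall_change,
    "deletes_itself": rule_self_delete,
    "tofsee_c2_dns": rule_c2_dns,
}


def run_rules(events):
    """Return {rule_name: [indexes of events that fired]} for every rule that hit."""
    hits = {}
    for i, ev in enumerate(events):
        for name, rule in RULES.items():
            if rule(ev):
                hits.setdefault(name, []).append(i)
    return hits


# Constructed sample events (not real telemetry; service name and paths are made up).
SAMPLE_EVENTS = [
    {"log": "Sysmon", "id": 1, "Image": r"C:\Users\victim\sample.exe",
     "CommandLine": r"C:\Users\victim\sample.exe"},
    {"log": "System", "id": 7045, "ServiceName": "svchostupd",
     "ImagePath": r"C:\Windows\svchostupd.exe"},
    {"log": "Sysmon", "id": 13, "Image": r"C:\Users\victim\sample.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\svchostupd\ImagePath",
     "Details": r"C:\Windows\svchostupd.exe"},
    {"log": "Sysmon", "id": 1, "Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": 'netsh advfirewall firewall add rule name="svchostupd" dir=in action=allow '
                    'program="C:\\Windows\\svchostupd.exe"'},
    {"log": "Sysmon", "id": 22, "Image": r"C:\Windows\svchostupd.exe", "QueryName": "defeatwax.ru"},
    {"log": "Sysmon", "id": 23, "Image": r"C:\Users\victim\sample.exe",
     "TargetFilename": r"C:\Users\victim\sample.exe"},
    {"log": "Sysmon", "id": 22, "Image": r"C:\Windows\svchostupd.exe", "QueryName": "www.example.com"},
]

if __name__ == "__main__":
    for name, idx in run_rules(SAMPLE_EVENTS).items():
        print(f"{name}: events {idx}")
```

Two of the report's signatures have no rule here on purpose: the geofence check is a registry read, which Sysmon does not log (event 13 only covers writes), and SetThreadContext is an API call that only sandbox or EDR API tracing can see. Both need process-level telemetry rather than event logs.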
MITRE ATT&CK Enterprise v15

The number after each technique is how many of the report's signatures the sandbox mapped to it; the same two techniques appear under both tactics because service creation and autostart entries serve persistence and privilege escalation alike.

Persistence
  Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1
  Create or Modify System Process (T1543): 2
    Windows Service (T1543.003): 2
Privilege Escalation
  Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1
  Create or Modify System Process (T1543): 2
    Windows Service (T1543.003): 2