General

Target: f2500e9a3134b4790760b2ef60c0144b_JaffaCakes118
Size: 10.6MB
Sample: 240416-a77xtaeh2w
MD5: f2500e9a3134b4790760b2ef60c0144b
SHA1: 1c3f9aaa8988227ebad2686e977533d53e51b162
SHA256: 064748a64b3e6198f3f9b3821f8aa4b74ee9d687503a1e9ded2926308a86517f
SHA512: ba69ce0db33d4691641f7dbdc4ae3b2a582e1a47d12d606b0ba1761bf5d442f3e772aeb7327c6ea6293144c3ccb923d86e578db6e3a96f8537584d342576173a
SSDEEP: 24576:AerU5sWbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb7:AsW
Static task: static1

Behavioral task: behavioral1
  Sample: f2500e9a3134b4790760b2ef60c0144b_JaffaCakes118.exe
  Resource: win7-20240221-en

Behavioral task: behavioral2
  Sample: f2500e9a3134b4790760b2ef60c0144b_JaffaCakes118.exe
  Resource: win10v2004-20240412-en
Malware Config

Extracted: tofsee
  defeatwax.ru
  refabyd.info
Targets

Target: f2500e9a3134b4790760b2ef60c0144b_JaffaCakes118 (size and hashes as listed under General)
Score: 10/10

- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15

Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (2)
    Windows Service (2)

Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (2)
    Windows Service (2)