General
Target: f2908395b8a8846d7c3752da7ffcc9ad_JaffaCakes118
Size: 12.9MB
Sample: 240416-dtvl4saa3w
MD5: f2908395b8a8846d7c3752da7ffcc9ad
SHA1: 16c1bc4e5ac73414c889c3d49de2a67f3b88f517
SHA256: c02ce7fba728b8b8d459ff2a48fbbd0986cd474a16e339457b4d0e7ca538036d
SHA512: edb752d6c9e28dd06331882d407a0636c92cb97d38298610f8d3ea7fee8d94d7490498ceb4d5432e0ca06f90b9de1d0c592186bd1abce277d4904f18d22f8476
SSDEEP: 24576:perU5sWbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbr:psW
Static task: static1
Behavioral task: behavioral1
Sample: f2908395b8a8846d7c3752da7ffcc9ad_JaffaCakes118.exe
Resource: win7-20240319-en
Behavioral task: behavioral2
Sample: f2908395b8a8846d7c3752da7ffcc9ad_JaffaCakes118.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted: tofsee
- defeatwax.ru
- refabyd.info
Targets
Target: f2908395b8a8846d7c3752da7ffcc9ad_JaffaCakes118 (size and hashes as listed under General above)
Score: 10/10
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings (looks up country code configured in the registry, likely geofence)
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence: Create or Modify System Process (2): Windows Service (2); Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
Privilege Escalation: Create or Modify System Process (2): Windows Service (2); Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)