General
Target: f3015e7fa8a419f7f1110881d4a15abf_JaffaCakes118
Size: 14.8MB
Sample: 240416-je699ace29
MD5: f3015e7fa8a419f7f1110881d4a15abf
SHA1: 2bb0e90e81ce18596a98bb7f72eaabf63e1147f1
SHA256: c89d2e5ffe20c5e936a9df89dbe29d684442bdb0ec0401fdf7e34e25963866fc
SHA512: ed53c70614f15716e277d984d5d3131af53c407befcd72ad7398b06da3f18af7fd95d58db5eeb9c0cd16a3dc6f8334576c1236f9881738fd0785b9d3337bd06d
SSDEEP: 49152:Tuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu:
Static task: static1
Behavioral task: behavioral1
  Sample: f3015e7fa8a419f7f1110881d4a15abf_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: f3015e7fa8a419f7f1110881d4a15abf_JaffaCakes118.exe
  Resource: win10v2004-20240412-en
Malware Config
Extracted: tofsee
  defeatwax.ru
  refabyd.info
Targets
Target: f3015e7fa8a419f7f1110881d4a15abf_JaffaCakes118
Score: 10/10
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Create or Modify System Process (2)
    Windows Service (2)
- Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Privilege Escalation
- Create or Modify System Process (2)
    Windows Service (2)
- Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)