General

  • Target

    f38327b8c73b8f9b205f8ac447f83c7a6b425908283bb68bf742827248dd4f32_JaffaCakes118

  • Size

    5.3MB

  • Sample

    240416-ptfzhaad98

  • MD5

    7ceb3e676313c920a35ad525ce9b9fe7

  • SHA1

    24a6f335e885bc0bafd8129b7fa13dce4aabb430

  • SHA256

    f38327b8c73b8f9b205f8ac447f83c7a6b425908283bb68bf742827248dd4f32

  • SHA512

    f0e1df942ffe51a777745a0ebd8e62a87b9952ffcc6eb4c1b48fa6bfa783076e7e46203f7a0425893a953e205f4d23d8cd86c205c7a5dc018df5045c5a8e4963

  • SSDEEP

    98304:GBze+DWzwgfjGmMdivlucHq81K0U4DzRtNCC6rYOALRiNKpRyE3Rb1:4ze9cidud8pUSzpXOALRi4pT91

Malware Config

Targets

    Score
    10/10
    • Detects BazaLoader malware

      BazaLoader is a trojan that transmits logs to the Command and Control (C2) server, encoding them in BASE64 format through GET requests.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks