General
-
Target
f38327b8c73b8f9b205f8ac447f83c7a6b425908283bb68bf742827248dd4f32_JaffaCakes118
-
Size
5.3MB
-
Sample
240416-ptfzhaad98
-
MD5
7ceb3e676313c920a35ad525ce9b9fe7
-
SHA1
24a6f335e885bc0bafd8129b7fa13dce4aabb430
-
SHA256
f38327b8c73b8f9b205f8ac447f83c7a6b425908283bb68bf742827248dd4f32
-
SHA512
f0e1df942ffe51a777745a0ebd8e62a87b9952ffcc6eb4c1b48fa6bfa783076e7e46203f7a0425893a953e205f4d23d8cd86c205c7a5dc018df5045c5a8e4963
-
SSDEEP
98304:GBze+DWzwgfjGmMdivlucHq81K0U4DzRtNCC6rYOALRiNKpRyE3Rb1:4ze9cidud8pUSzpXOALRi4pT91
Behavioral task
behavioral1
Sample
f38327b8c73b8f9b205f8ac447f83c7a6b425908283bb68bf742827248dd4f32_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
f38327b8c73b8f9b205f8ac447f83c7a6b425908283bb68bf742827248dd4f32_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
f38327b8c73b8f9b205f8ac447f83c7a6b425908283bb68bf742827248dd4f32_JaffaCakes118
-
Detects BazaLoader malware
BazaLoader is a trojan that transmits logs to the Command and Control (C2) server, encoding them in BASE64 format through GET requests.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-