General
Target: f3cad536f7b02e9b4585980cb56c4f06_JaffaCakes118
Size: 14.9MB
Sample: 240416-s3fa4sdg67
MD5: f3cad536f7b02e9b4585980cb56c4f06
SHA1: ab02e0f1058250ff3d1ea6083b965721d8939915
SHA256: 8a93c65824b1533d359ad03057a4da0ee83dc4394f624e02cc28ecbc81228c61
SHA512: d941192fb90f982e4891ec4d74cf4ca5979679ceaa7c3c55e3b23ebf62910c51c85799154a5e3d9da3f26f6396f01d36c3dbe76ccbd323532b842adbd90a3552
SSDEEP: 6144:/pcqzKUTS5Yde/qyQK8ZtqTMIKC/eUPFwUnyaAjLo7pU6eD:vKUO54e/q60tmT7/xPFwVjs7G6
Static task: static1
Behavioral task: behavioral1
  Sample: f3cad536f7b02e9b4585980cb56c4f06_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: f3cad536f7b02e9b4585980cb56c4f06_JaffaCakes118.exe
  Resource: win10v2004-20240412-en
Malware Config (extracted)
Family: tofsee
Extracted domains: defeatwax.ru, refabyd.info
Targets
Score: 10/10
Signatures:
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence:
- Create or Modify System Process (2)
  - Windows Service (2)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
Privilege Escalation:
- Create or Modify System Process (2)
  - Windows Service (2)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)