General
-
Target
f3df0715d3b7e11953400f090fa6e9b7_JaffaCakes118
-
Size
795KB
-
Sample
240416-t1qjqsge2x
-
MD5
f3df0715d3b7e11953400f090fa6e9b7
-
SHA1
860a64590e4cd000c1fcfb79de623b44a6eab435
-
SHA256
00a985c346e4d72aae7dbeaaf8e17de559ad98cecbe69ff460c98a8adb7ecc89
-
SHA512
bc3bd85125d547ebd31efa98f056dbce55f6d8d491a735828d8f04a385bc6f25884c8133152f4e599df2440572bbf00ed074ceef92125708ecbe93f1325814e0
-
SSDEEP
6144:Rt08l5UU0ggfgvF88+/+YXcNMFJEz7YlR9ch25HvWhQ6TR9/0MQ6sOFYwGrVMQ6J:oJc7Ma6vAQ6TRVT1r1E1s1J
Static task
static1
Behavioral task
behavioral1
Sample
f3df0715d3b7e11953400f090fa6e9b7_JaffaCakes118.ps1
Resource
win7-20240221-en
Malware Config
Extracted
Family: nanocore
Version: 1.2.2.0
C2 host:port: new.libya2020.com.ly:5050
Mutex: f950ab5f-b828-4de9-a177-b110943e3952
-
activate_away_mode
true
-
backup_connection_host
new.libya2020.com.ly
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2021-05-10T19:56:26.323555136Z
-
bypass_user_account_control
true
-
bypass_user_account_control_data
(empty — no value was extracted for this field)
-
clear_access_control
true
-
clear_zone_identifier
false
-
connect_delay
4000
-
connection_port
5050
-
default_group
NEW
-
enable_debug_mode
true
-
gc_threshold
10485760 (1.048576e+07, i.e. 10 MiB)
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
10485760 (1.048576e+07, i.e. 10 MiB)
-
mutex
f950ab5f-b828-4de9-a177-b110943e3952
-
mutex_timeout
5000
-
prevent_system_sleep
false
-
primary_connection_host
(empty — the only configured host in this config is backup_connection_host, new.libya2020.com.ly)
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
true
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Targets
-
-
Target
f3df0715d3b7e11953400f090fa6e9b7_JaffaCakes118
-
Size
795KB
-
MD5
f3df0715d3b7e11953400f090fa6e9b7
-
SHA1
860a64590e4cd000c1fcfb79de623b44a6eab435
-
SHA256
00a985c346e4d72aae7dbeaaf8e17de559ad98cecbe69ff460c98a8adb7ecc89
-
SHA512
bc3bd85125d547ebd31efa98f056dbce55f6d8d491a735828d8f04a385bc6f25884c8133152f4e599df2440572bbf00ed074ceef92125708ecbe93f1325814e0
-
SSDEEP
6144:Rt08l5UU0ggfgvF88+/+YXcNMFJEz7YlR9ch25HvWhQ6TR9/0MQ6sOFYwGrVMQ6J:oJc7Ma6vAQ6TRVT1r1E1s1J
-
Suspicious use of SetThreadContext (behavioral signature hit from the win7-20240221-en run; modifying another thread's context is a technique commonly associated with code injection / process hollowing, but the injection target is not shown in this summary — confirm against the process tree before treating it as confirmed)
-