General
- Target: f556b46080b93cac81ba2773afed7bc2_JaffaCakes118
- Size: 13.5MB
- Sample: 240417-j2dapabb2s
- MD5: f556b46080b93cac81ba2773afed7bc2
- SHA1: 8be59c47609a82572e2e4763d29d9385819116df
- SHA256: 1dd18b571a7f0c1aa7dab349223d00dfe5d77a1ade424294e146e27f0711f9c4
- SHA512: 0923bba76971117e1ca4cc8dee3269fc9673162486af8fc18a997db5cbbfdf5730f5c6375edc9134d4e7d9ab4a182c74eed47d29ef09fda53dfc010fa855c638
- SSDEEP: 12288:QIIW7A7qL8SHSIiwN/iZBqAsArTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTD:RA7qLNNf
Static task
- static1

Behavioral task
- behavioral1
- Sample: f556b46080b93cac81ba2773afed7bc2_JaffaCakes118.exe
- Resource: win7-20240220-en

Behavioral task
- behavioral2
- Sample: f556b46080b93cac81ba2773afed7bc2_JaffaCakes118.exe
- Resource: win10v2004-20240412-en
Malware Config
Extracted
- Family: tofsee
- C2: defeatwax.ru
- C2: refabyd.info
Targets
- Target: f556b46080b93cac81ba2773afed7bc2_JaffaCakes118
- Size: 13.5MB
- MD5: f556b46080b93cac81ba2773afed7bc2
- SHA1: 8be59c47609a82572e2e4763d29d9385819116df
- SHA256: 1dd18b571a7f0c1aa7dab349223d00dfe5d77a1ade424294e146e27f0711f9c4
- SHA512: 0923bba76971117e1ca4cc8dee3269fc9673162486af8fc18a997db5cbbfdf5730f5c6375edc9134d4e7d9ab4a182c74eed47d29ef09fda53dfc010fa855c638
- SSDEEP: 12288:QIIW7A7qL8SHSIiwN/iZBqAsArTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTD:RA7qLNNf

Score: 10/10

Signatures
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)

Persistence
- Create or Modify System Process (2)
  - Windows Service (2)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)

Privilege Escalation
- Create or Modify System Process (2)
  - Windows Service (2)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)