General
- Target: f6688fc48cbe1c59e618a34f42939d97_JaffaCakes118
- Size: 14.0MB
- Sample: 240417-w53qzaab74
- MD5: f6688fc48cbe1c59e618a34f42939d97
- SHA1: ce93f51dbf4ca4ee41113ef973bc8affaa4cad90
- SHA256: 817c64580c9550a7e0cd91965c6397328868a6b13f2b4710de742de213746af2
- SHA512: 49e7a804d3a19aba2703beaa8f5d065c04b8f49ffa478916b9906c6c806d5e85bfbd5e7604d3e0e46a3c1c9585dc304765d503d3967fe0e1ceb5b98c2f9288d8
- SSDEEP: 49152:CZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ:
Static task: static1
Behavioral task: behavioral1
- Sample: f6688fc48cbe1c59e618a34f42939d97_JaffaCakes118.exe
- Resource: win7-20231129-en
Behavioral task: behavioral2
- Sample: f6688fc48cbe1c59e618a34f42939d97_JaffaCakes118.exe
- Resource: win10v2004-20240412-en
Malware Config
Extracted: tofsee
- defeatwax.ru
- refabyd.info
Targets
- Target: f6688fc48cbe1c59e618a34f42939d97_JaffaCakes118
Score: 10/10
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Create or Modify System Process (2): Windows Service (2)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
Privilege Escalation
- Create or Modify System Process (2): Windows Service (2)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)