General
- Target: f75d6b1dffda8c5730718cab5dd19616_JaffaCakes118
- Size: 13.9MB
- Sample: 240418-f7tyvadg6t
- MD5: f75d6b1dffda8c5730718cab5dd19616
- SHA1: f75b81e452246d015f51314b6bdb1a8eb67bbf9a
- SHA256: 33f705632625e6e1ead56838de42648696c964f1984578ce30998e008f854ebe
- SHA512: 3cb83f943d23e667fbcad24c8f754a4359bdccc31efb950d4a8e3b5fcb274935a93afc01fb59c33282a499d9e61e6dd04d68064e0f3c8f0b704e598535ce66e0
- SSDEEP: 6144:OJu3szifRNFyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyH:8uHf7
Static task
- static1
Behavioral task
- behavioral1
  Sample: f75d6b1dffda8c5730718cab5dd19616_JaffaCakes118.exe
  Resource: win7-20240220-en
Behavioral task
- behavioral2
  Sample: f75d6b1dffda8c5730718cab5dd19616_JaffaCakes118.exe
  Resource: win10v2004-20240412-en
Malware Config
Extracted
- Family: tofsee
- Extracted values:
  43.231.4.7
  lazystax.ru
Targets
- Target: f75d6b1dffda8c5730718cab5dd19616_JaffaCakes118
Score: 10/10
Signatures
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Create or Modify System Process (2)
  Windows Service (2)
- Boot or Logon Autostart Execution (1)
  Registry Run Keys / Startup Folder (1)
Privilege Escalation
- Create or Modify System Process (2)
  Windows Service (2)
- Boot or Logon Autostart Execution (1)
  Registry Run Keys / Startup Folder (1)