General
Target: f7baffc6d2cfb545920c4a09c852b138_JaffaCakes118
Size: 11.3MB
Sample: 240418-lnazhshc92
MD5: f7baffc6d2cfb545920c4a09c852b138
SHA1: 8c8064183e636a58f6e8cc12eb3c4a60ba1a34bd
SHA256: 49dab872a5b2e9907b73be258b4bbba2f86677af674ed12a6a3f40b3e7543c84
SHA512: 85007d6de19c3f2db2ba6a26a23832fbb8ed13e8d5584792d33262557eca363b2c285e9d9e56a492f8792f81eeb2723d18c8ed9d05b1c66305229bf88aa9bac4
SSDEEP: 49152:fOawK7777777777777777777777777777777777777777777777777777777777f:fm
Static task: static1
Behavioral task: behavioral1
  Sample: f7baffc6d2cfb545920c4a09c852b138_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: f7baffc6d2cfb545920c4a09c852b138_JaffaCakes118.exe
  Resource: win10v2004-20240412-en
Malware Config
Extracted: tofsee
  43.231.4.7
  lazystax.ru
Targets
Target: f7baffc6d2cfb545920c4a09c852b138_JaffaCakes118 (size and hashes as listed under General above)
Score: 10/10
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Create or Modify System Process: 2
  - Windows Service: 2
- Boot or Logon Autostart Execution: 1
  - Registry Run Keys / Startup Folder: 1
Privilege Escalation
- Create or Modify System Process: 2
  - Windows Service: 2
- Boot or Logon Autostart Execution: 1
  - Registry Run Keys / Startup Folder: 1