General
- Target: fb725cdde0c644bf58ed7bc807d400fe_JaffaCakes118
- Size: 11.0 MB
- Sample: 240419-3w411aag57
- MD5: fb725cdde0c644bf58ed7bc807d400fe
- SHA1: 4c31c781d128da8576b73cb86596720d0faaab3c
- SHA256: 3b81501b4c22dbf3d58fd6af148aacdc7bc1acf761a3f7209e351b1bde12616b
- SHA512: eec1664315a2fb1625705fc7980c007fc790675c9ad2c13c6db01ee5adb7c6114c2b8cdb1f1dd6ac5ecacddce6e35d0616d20d086aac7fe0d78ee02636edb71d
- SSDEEP: 12288:4IIW7A7qL8SHSIiwN/iZBqAsArTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT3:5A7qLNNf
Static task
- static1
Behavioral tasks
- behavioral1: fb725cdde0c644bf58ed7bc807d400fe_JaffaCakes118.exe (resource: win7-20240221-en)
- behavioral2: fb725cdde0c644bf58ed7bc807d400fe_JaffaCakes118.exe (resource: win10v2004-20240412-en)
Malware Config
- Extracted family: tofsee
- Extracted domains: defeatwax.ru, refabyd.info
Both domains come from the Tofsee configuration recovered during the run and are the network indicators worth blocking and hunting for in DNS and proxy logs.
Targets
- Target: fb725cdde0c644bf58ed7bc807d400fe_JaffaCakes118 (size and hashes as listed under General)
Score: 10/10
Signatures
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check that decides whether the payload runs on this host
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext (commonly seen when a process hollows or hijacks a thread in another process to run injected code)
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Create or Modify System Process (2): Windows Service, T1543.003 (2)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder, T1547.001 (1)
Privilege Escalation
- Create or Modify System Process (2): Windows Service, T1543.003 (2)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder, T1547.001 (1)
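The following is an added example, not part of the sandbox report: a small triage helper that turns the indicators above into checks a responder can run. It (1) compares a file's hashes against the report's MD5/SHA1/SHA256 and (2) scans Sysmon-style event records for the behaviours the signatures and ATT&CK rows describe: a service ImagePath written to the registry, a Run-key entry, a firewall change through netsh, and DNS lookups of the extracted Tofsee domains. The hashes and domains are copied from the report; the event records, the service name wvsvc, the file paths, and the netsh command line are constructed for the demo; the mapping of the firewall change to T1562.004 is this example's own, since the report names that behaviour but lists no technique for it.

```python
"""Added example: match the report's IOCs and behaviours against Sysmon-style events."""
import hashlib
import re

# Hashes and domains copied from the report above.
REPORT_HASHES = {
    "md5": "fb725cdde0c644bf58ed7bc807d400fe",
    "sha1": "4c31c781d128da8576b73cb86596720d0faaab3c",
    "sha256": "3b81501b4c22dbf3d58fd6af148aacdc7bc1acf761a3f7209e351b1bde12616b",
}
TOFSEE_DOMAINS = {"defeatwax.ru", "refabyd.info"}


def hash_matches(data: bytes) -> dict:
    """Return, per algorithm, whether `data` hashes to the value in the report."""
    return {algo: getattr(hashlib, algo)(data).hexdigest() == value
            for algo, value in REPORT_HASHES.items()}


# Constructed Sysmon-style events (EventID 13 = registry value set,
# 1 = process create, 22 = DNS query). Service name, paths and command
# line are assumptions for the demo, not values from the sandbox run.
SAMPLE_EVENTS = [
    {"EventID": 13,
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\wvsvc\ImagePath",
     "Details": r"C:\Windows\wvsvc.exe",
     "Image": r"C:\Users\user\AppData\Local\Temp\fb725cdde0c644bf58ed7bc807d400fe_JaffaCakes118.exe"},
    {"EventID": 13,
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater",
     "Details": r"C:\Windows\wvsvc.exe", "Image": r"C:\Windows\wvsvc.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": 'netsh firewall set allowedprogram "C:\\Windows\\wvsvc.exe" enable'},
    {"EventID": 22, "QueryName": "defeatwax.ru", "Image": r"C:\Windows\wvsvc.exe"},
    {"EventID": 22, "QueryName": "www.microsoft.com", "Image": r"C:\Windows\System32\svchost.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe", "CommandLine": "notepad.exe"},
]

SERVICE_IMAGEPATH = re.compile(r"\\Services\\[^\\]+\\ImagePath$", re.IGNORECASE)
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
NETSH_FIREWALL = re.compile(r"^netsh\s+(advfirewall\s+firewall|firewall)\s", re.IGNORECASE)


def classify(event: dict) -> list:
    """Map one event to the (technique, description) pairs it evidences."""
    hits = []
    if event.get("EventID") == 13:
        target = event.get("TargetObject", "")
        if SERVICE_IMAGEPATH.search(target):
            hits.append(("T1543.003", "Sets service image path in registry"))
        if RUN_KEY.search(target):
            hits.append(("T1547.001", "Registry Run key persistence"))
    elif event.get("EventID") == 1:
        if NETSH_FIREWALL.match(event.get("CommandLine", "")):
            hits.append(("T1562.004", "Modifies Windows Firewall via netsh"))
    elif event.get("EventID") == 22:
        if event.get("QueryName", "").lower() in TOFSEE_DOMAINS:
            hits.append(("C2", "DNS lookup of extracted Tofsee domain"))
    return hits


def scan(events) -> dict:
    """Aggregate hits across events: {technique: [originating Image, ...]}."""
    findings = {}
    for ev in events:
        for technique, _desc in classify(ev):
            findings.setdefault(technique, []).append(ev.get("Image", ""))
    return findings


if __name__ == "__main__":
    for technique, images in scan(SAMPLE_EVENTS).items():
        print(technique, "->", sorted(set(images)))
```

Feed `scan()` real Sysmon events (parsed from the EVTX or a SIEM export) to hunt for the same chain on other hosts; `hash_matches()` is the quick confirmation that a recovered file is this exact sample rather than a sibling build.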