General
-
Target
f93df5b9d273ec9921943e36de014dfc_JaffaCakes118
-
Size
759KB
-
Sample
240419-b9kezaee2x
-
MD5
f93df5b9d273ec9921943e36de014dfc
-
SHA1
95d42a9e6c989ebd15b24c2ae997b142f5c063cd
-
SHA256
194c939150cd885553cc6e02f1c8dbe5fb7bf327556245d76d6ea165ec959670
-
SHA512
4fd5fbc6cd08367de3bbf71d05dd5ef0dd205ee8655b4511ff6249db2d47870a8173fee158a66bab55d8bcf5c02cb4f402584d23274fd8184d24264657e60cf0
-
SSDEEP
12288:afyWzL1hFtK0pMQS3NRLSbL/3PiSQ9GLLsHBsVIdEJ6p206Z0yY9qigKekeqn/:sL1hFtK+9vPc9G4BsZP0RyABePqn/
Static task
static1
Behavioral task
behavioral1
Sample
f93df5b9d273ec9921943e36de014dfc_JaffaCakes118.exe
Resource
win7-20240221-en
Malware Config
Extracted
cryptbot
smarew72.top
moriwi07.top
-
payload_url
http://guruzo10.top/download.php?file=lv.exe
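The extracted configuration above (two CryptBot C2 hosts and the payload URL) and the file hashes under General are the indicators a responder would pivot on. The following is an added example, not part of the sandbox report or of any CryptBot tooling: it takes exactly those hashes and hosts, checks a local file against the digests, and flags proxy or DNS log lines that touch an indicator host or any subdomain of it. The log lines are constructed for the demo; SSDEEP is left out because it needs the external ssdeep tool.

```python
"""Added example, not part of the sandbox report: match the report's file
hashes and the extracted CryptBot network indicators against local data.
Indicators come from the report; the log lines are constructed for the demo."""
import hashlib
import re
from urllib.parse import urlparse

# File hashes and network indicators as listed in the report.
REPORT_HASHES = {
    "md5": "f93df5b9d273ec9921943e36de014dfc",
    "sha1": "95d42a9e6c989ebd15b24c2ae997b142f5c063cd",
    "sha256": "194c939150cd885553cc6e02f1c8dbe5fb7bf327556245d76d6ea165ec959670",
}
C2_HOSTS = {"smarew72.top", "moriwi07.top"}
PAYLOAD_URL = "http://guruzo10.top/download.php?file=lv.exe"
IOC_HOSTS = C2_HOSTS | {urlparse(PAYLOAD_URL).hostname}

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)


def hash_bytes(data: bytes) -> dict:
    """Compute the digests the report lists (SSDEEP is not covered here)."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only when every digest agrees; a partial match would mean a
    collision or a transcription error and deserves a closer look."""
    return hash_bytes(data) == REPORT_HASHES


def hostname_matches(host: str, ioc_hosts) -> bool:
    """Exact or subdomain match; 'evilmoriwi07.top' must not match 'moriwi07.top'."""
    host = host.lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in ioc_hosts)


def hosts_in_line(line: str) -> set:
    """Hostnames from URLs plus bare domain tokens (DNS logs carry no URL)."""
    hosts = set()
    for url in URL_RE.findall(line):
        h = urlparse(url).hostname
        if h:
            hosts.add(h.lower())
    hosts.update(d.lower() for d in DOMAIN_RE.findall(line))
    return hosts


def flag_lines(log_lines):
    """Return (line, [matched hosts]) for every line touching an indicator."""
    hits = []
    for line in log_lines:
        matched = sorted(h for h in hosts_in_line(line) if hostname_matches(h, IOC_HOSTS))
        if matched:
            hits.append((line, matched))
    return hits


# Constructed proxy/DNS log lines (not from the report) in a simple
# "timestamp client op target status" layout.
SAMPLE_LOG = """\
2024-04-19T09:58:12Z 10.0.0.12 GET http://guruzo10.top/download.php?file=lv.exe 200
2024-04-19T09:58:13Z 10.0.0.12 DNS smarew72.top A
2024-04-19T09:58:14Z 10.0.0.12 GET https://www.example.com/index.html 200
2024-04-19T09:58:20Z 10.0.0.12 DNS cdn.moriwi07.top A
""".splitlines()

if __name__ == "__main__":
    import sys
    for line, matched in flag_lines(SAMPLE_LOG):
        print("IOC hit", matched, "in:", line)
    if len(sys.argv) > 1:  # optional: path of a file to compare against the report hashes
        with open(sys.argv[1], "rb") as fh:
            print("file matches report hashes:", matches_report(fh.read()))
```

The subdomain rule matters for the C2 hosts: CryptBot-style infrastructure is frequently reached through hostnames under the registered domain, so an exact-string match on the two hosts from the config would miss them, while a plain substring match would also fire on unrelated domains that merely end in the same characters.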
Targets
-
Target
f93df5b9d273ec9921943e36de014dfc_JaffaCakes118 (size and hashes as listed under General above)
-
CryptBot payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
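The three behavioural signatures above (registry country-code lookup, Uninstall-key enumeration, access to cryptocurrency wallet files) are what a detection engineer would want to reproduce on endpoint telemetry. The following is an added example, not part of the sandbox report: it replays those three signatures over constructed process-event lines and only flags a process once two or more of them fire, because a single locale lookup is routine for shell and installer code. The registry values and wallet paths it matches on are this example's assumptions about what the signatures look for; the report names none of them.

```python
"""Added example, not part of the sandbox report: replay the three behavioural
signatures the report raised over constructed process-event lines. The
registry values and wallet paths below are assumptions, not report data."""
import re
from collections import defaultdict

# Each signature: the event operations it applies to and a pattern on the
# target path. Paths are this example's assumptions about what the sandbox
# signatures look for, not values taken from the report.
SIGNATURES = {
    "geofence_locale_lookup": ({"RegQueryValue"}, re.compile(
        r"^HKCU\\Control Panel\\International\\(Geo\\Nation|Locale)$", re.I)),
    "installed_software_enum": ({"RegOpenKey", "RegEnumKey"}, re.compile(
        r"^HKLM\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)),
    "crypto_wallet_access": ({"FileOpen"}, re.compile(
        r"(\\wallet\.dat$|\\Electrum\\|\\Exodus\\|\\Ethereum\\keystore\\)", re.I)),
}


def parse_events(text):
    """Lines are 'pid|image|operation|target' (a constructed layout)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, image, op, target = line.split("|", 3)
        events.append({"pid": int(pid), "image": image, "op": op, "target": target})
    return events


def match_signatures(events):
    """Map (pid, image basename) -> set of signature names that fired."""
    hits = defaultdict(set)
    for ev in events:
        key = (ev["pid"], ev["image"].rsplit("\\", 1)[-1])
        for name, (ops, pattern) in SIGNATURES.items():
            if ev["op"] in ops and pattern.search(ev["target"]):
                hits[key].add(name)
    return dict(hits)


def suspicious_processes(hits, minimum=2):
    """A lone locale lookup is normal for shell and installer code, so
    require at least `minimum` distinct signatures before flagging."""
    return sorted(key for key, sigs in hits.items() if len(sigs) >= minimum)


# Constructed telemetry (not from the report): the sample name is the one
# from the report, the paths and the explorer.exe events are invented.
SAMPLE_IMAGE = r"C:\Users\u\Downloads\f93df5b9d273ec9921943e36de014dfc_JaffaCakes118.exe"
SAMPLE_EVENTS = rf"""
4120|{SAMPLE_IMAGE}|RegQueryValue|HKCU\Control Panel\International\Geo\Nation
4120|{SAMPLE_IMAGE}|RegEnumKey|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
4120|{SAMPLE_IMAGE}|RegOpenKey|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleApp
4120|{SAMPLE_IMAGE}|FileOpen|C:\Users\u\AppData\Roaming\Electrum\wallets\default_wallet
4120|{SAMPLE_IMAGE}|FileOpen|C:\Users\u\AppData\Roaming\Bitcoin\wallet.dat
1532|C:\Windows\explorer.exe|RegQueryValue|HKCU\Control Panel\International\Locale
1532|C:\Windows\explorer.exe|FileOpen|C:\Users\u\Documents\notes.txt
"""

if __name__ == "__main__":
    hits = match_signatures(parse_events(SAMPLE_EVENTS))
    for key in suspicious_processes(hits):
        print("suspicious:", key, sorted(hits[key]))
```

The threshold is the point: any one of these lookups has a benign explanation, and it is the combination (check where the machine is, inventory what is installed, then reach for wallet files) that matches the report's CryptBot verdict.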