General
Target: f95564a72a16d6a4efa39278f0721ac2_JaffaCakes118
Size: 1.0MB
Sample: 240419-c9bnhaff5t
MD5: f95564a72a16d6a4efa39278f0721ac2
SHA1: 4e93f6849ca3717ebb3fe64f01b2384592906464
SHA256: 8c598c9782ffaf10ac7bd59c5a48acc267d15590eccba787b61cda62a7ea7138
SHA512: d371acb9407680c06f8991d06046419ae0dd156e214ed6ce1062e0499caced63ddd5a323ca8176947555e2770d6ca2cccf9f2f59becc2997d8fc2a102565ea8d
SSDEEP: 24576:iJjAKND1LIQgBPiXOa8tspOJy2HNyCY3rw:iJjN9IQEiXOBywmr
Static task: static1
Behavioral task: behavioral1
Sample: f95564a72a16d6a4efa39278f0721ac2_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: f95564a72a16d6a4efa39278f0721ac2_JaffaCakes118.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted
revengerat
NyanCatRevenge
dontreachme.duckdns.org:3601
159ffe7d99124a92baa
Targets
Target: f95564a72a16d6a4efa39278f0721ac2_JaffaCakes118
Detect ZGRat V1
Modifies WinLogon for persistence
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Suspicious use of SetThreadContext