General
-
Target
f97ac5a687cc94db960df62fb910a74a_JaffaCakes118
-
Size
11.6MB
-
Sample
240419-etqtlahd7x
-
MD5
f97ac5a687cc94db960df62fb910a74a
-
SHA1
24b5c7775506327081ea3ed0093c62d938dd50e4
-
SHA256
00423b5dc446d975260c85ace9a92f27398430fd56bbb3d42e190d281de8d954
-
SHA512
ab81fd40d42ad8dd102b48906d5fba078360001cb300743b8e90849bc38d22f40302b6e26ee5d45f0b6bf1bd082e0293adee78ed3e21668c3c55b014d9746c0b
-
SSDEEP
196608:QPHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHn:Q
Static task
static1
Behavioral task
behavioral1
Sample
f97ac5a687cc94db960df62fb910a74a_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f97ac5a687cc94db960df62fb910a74a_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
tofsee
defeatwax.ru
refabyd.info
Targets
-
-
Target
f97ac5a687cc94db960df62fb910a74a_JaffaCakes118
-
Size
11.6MB
-
MD5
f97ac5a687cc94db960df62fb910a74a
-
SHA1
24b5c7775506327081ea3ed0093c62d938dd50e4
-
SHA256
00423b5dc446d975260c85ace9a92f27398430fd56bbb3d42e190d281de8d954
-
SHA512
ab81fd40d42ad8dd102b48906d5fba078360001cb300743b8e90849bc38d22f40302b6e26ee5d45f0b6bf1bd082e0293adee78ed3e21668c3c55b014d9746c0b
-
SSDEEP
196608:QPHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHn:Q
Score10/10-
Creates new service(s)
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
2Windows Service
2Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Privilege Escalation
Create or Modify System Process
2Windows Service
2Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1