General
Target: f998121d523426ed0afed3d21dfb0d69_JaffaCakes118
Size: 380KB
Sample: 240419-f254xsah7y
MD5: f998121d523426ed0afed3d21dfb0d69
SHA1: fd4da5a1bd5ec4d6508c78a01f0002a3348df0e7
SHA256: 7a9a5279a3ced8e2aabcb0edf0c1f5f935d33b49807de894774ad8f9c51a02f8
SHA512: c701c0bd0a129adb3593e66d6867f605f305a28c02351c3df607505f0e6bbe66d8755d8b9ac8ea22b550b233fed7335a179100b8bf889d843d6a8a540b1334f0
SSDEEP: 6144:V6C4vUQ2R02etDfet3Agp0q9ygbX+1RzDU8vTMpcvEF:V7Q002e1saMJcR/VbKcvi
Behavioral task
behavioral1
Sample: f998121d523426ed0afed3d21dfb0d69_JaffaCakes118.exe
Resource: win7-20240215-en
Malware Config
Extracted
limerat
antivm: false
c2_url: https://pastebin.com/raw/tDBQY6gT
download_payload: false
install: false
pin_spread: false
usb_spread: false
Targets
Target: f998121d523426ed0afed3d21dfb0d69_JaffaCakes118
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Legitimate hosting services abused for malware hosting/C2