General
- Target: fc49f793d60ebf4a68fc4bc7200fc97b_JaffaCakes118
- Size: 5.0MB
- Sample: 240420-js5zcacf5w
- MD5: fc49f793d60ebf4a68fc4bc7200fc97b
- SHA1: 54e29169a67cd0d8d3058dce9671f2af0b7f3494
- SHA256: 662c66c5f4687bb2537e99aed7b4911caa4a7ce083023171b3725e6379bc137d
- SHA512: b5ca24c6e8c6d1673c90b07e2136a6d56a555700b1998bfa998c924c54ba2686ae7a80bf4b1d3bdb9846e4472ca90d518483a4a6e0b0e2567565465cdc8087f8
- SSDEEP: 98304:qz11Pbl5n3G8aO238xrtZPldvY9qHSoyxmTt9+xwJ1I1nsRib3JKh:qfw3sngkHSo1nG8ji9Q
Static task: static1
Behavioral task: behavioral1
- Sample: fc49f793d60ebf4a68fc4bc7200fc97b_JaffaCakes118.exe
- Resource: win7-20240215-en
Behavioral task: behavioral2
- Sample: fc49f793d60ebf4a68fc4bc7200fc97b_JaffaCakes118.exe
- Resource: win10v2004-20240412-en
Malware Config
Targets
- Target: fc49f793d60ebf4a68fc4bc7200fc97b_JaffaCakes118
Score: 10/10
- Detect ZGRat V1
- Modifies WinLogon for persistence
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext