General

Target: fc8689f0eceff18d958eb59b7d2c31fc_JaffaCakes118
Size: 13.6MB
Sample: 240420-l9jtjseg21
MD5: fc8689f0eceff18d958eb59b7d2c31fc
SHA1: 1bf9746ab6de03b237e9610f26e018db2bdaa0aa
SHA256: fe63f09d06765b954959e9d86d9d9f550c7e4c2c5e6fb07bc53be0c61bc7f417
SHA512: 7dbdd25fd84529eed80cc3bbb7db416c8ee45c068be591cc07076cbfd06565717e343415f75871a6cf96d62992176274938f09cb27e522203d24337f01fb5fb1
SSDEEP: 196608:+Lad4qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqv:+L
Tasks

Static task: static1
Behavioral task: behavioral1
  Sample: fc8689f0eceff18d958eb59b7d2c31fc_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: fc8689f0eceff18d958eb59b7d2c31fc_JaffaCakes118.exe
  Resource: win10v2004-20240412-en
Malware Config

Extracted family: tofsee
C2 domains from the extracted config:
  defeatwax.ru
  refabyd.info
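The two domains above are the only network indicators the report gives, and the first thing a responder does with an extracted config is sweep DNS telemetry for them. The following is an added example written for this page, not code from the sandbox or the report: it matches the extracted Tofsee domains against DNS query log lines. The log format ("timestamp client qtype qname") and every log line are constructed; only the two domains come from the report. Matching is label-boundary aware so that lookalikes such as notdefeatwax.ru or refabyd.info.evil-lookalike.example do not produce hits, while real subdomains and trailing-dot or mixed-case names do.

```python
"""IOC sweep for the C2 domains extracted from the Tofsee sample.

Added example, not part of the sandbox report. The DNS log lines below are
constructed to exercise the matcher; the only report-derived data are the
two domains in TOFSEE_C2_DOMAINS.
"""
from typing import Dict, Iterable, List

# Domains listed under "Malware Config / Extracted / tofsee" in the report.
TOFSEE_C2_DOMAINS = ("defeatwax.ru", "refabyd.info")

# Constructed sample log. Assumed format: "<ts> <client> <qtype> <qname>".
SAMPLE_DNS_LOG = """\
2024-04-20T10:01:02Z 10.0.0.15 A www.example.com
2024-04-20T10:01:05Z 10.0.0.15 A defeatwax.ru.
2024-04-20T10:01:06Z 10.0.0.21 AAAA mail.REFABYD.INFO
2024-04-20T10:01:07Z 10.0.0.21 A notdefeatwax.ru
2024-04-20T10:01:09Z 10.0.0.33 A refabyd.info.evil-lookalike.example
"""


def normalize_qname(name: str) -> str:
    """Strip the trailing root dot some resolvers log and fold case."""
    return name.rstrip(".").lower()


def domain_matches(qname: str, ioc: str) -> bool:
    """True if qname equals ioc or is a subdomain of it.

    The comparison is done on whole labels: 'notdefeatwax.ru' must not match
    'defeatwax.ru', and 'refabyd.info.evil-lookalike.example' must not match
    'refabyd.info' even though the IOC string appears inside it.
    """
    q = normalize_qname(qname)
    return q == ioc or q.endswith("." + ioc)


def sweep(log_lines: Iterable[str], iocs=TOFSEE_C2_DOMAINS) -> List[Dict[str, str]]:
    """Return one hit record per log line whose qname matches an IOC."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 4:          # skip blank or malformed lines
            continue
        ts, client, _qtype, qname = parts[:4]
        for ioc in iocs:
            if domain_matches(qname, ioc):
                hits.append({"ts": ts, "client": client,
                             "qname": normalize_qname(qname), "ioc": ioc})
                break               # one record per line is enough
    return hits


if __name__ == "__main__":
    for hit in sweep(SAMPLE_DNS_LOG.splitlines()):
        print(f"{hit['ts']} {hit['client']} queried {hit['qname']} (IOC {hit['ioc']})")
```

Run against real resolver or Sysmon DNS (Event ID 22) exports by adapting the four-column split; the matching logic does not change. Two of the five constructed lines are hits (defeatwax.ru and mail.refabyd.info); the two lookalikes are correctly ignored.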
Targets

Target: fc8689f0eceff18d958eb59b7d2c31fc_JaffaCakes118 (13.6MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Score: 10/10
Signatures:
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext (rewriting another thread's context is the primitive behind process-hollowing-style injection)
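The "Creates new service(s)" and "Sets service image path in registry" signatures, taken together with "Executes dropped EXE", describe the persistence pattern a hunter looks for on other hosts: a service whose ImagePath points at a binary dropped into a user-writable location. The following is an added example for this page, not code from the report or the sandbox. It parses the text shape of `reg query HKLM\SYSTEM\CurrentControlSet\Services /s /v ImagePath`, normalizes each image path (quotes, arguments, %SystemRoot%/%windir%, \SystemRoot\ and \??\ prefixes) and flags paths under temp, user-profile or ProgramData directories. The registry dump below is constructed, including the service names in it; the report does not disclose the sample's service name or image path, so the heuristic is deliberately generic.

```python
"""Hunt for service persistence with an ImagePath in a user-writable location.

Added example, not part of the sandbox report. SAMPLE_REG_DUMP is constructed
to look like `reg query HKLM\\SYSTEM\\CurrentControlSet\\Services /s /v ImagePath`
output; the service names and paths in it are invented for the demonstration.
"""
import re
from typing import Dict, List

# Constructed registry dump (not from the analyzed sample).
SAMPLE_REG_DUMP = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\System32\spoolsv.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Disk
    ImagePath    REG_EXPAND_SZ    \SystemRoot\System32\drivers\disk.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lxpqtyvn
    ImagePath    REG_EXPAND_SZ    "C:\Windows\Temp\lxpqtyvn.exe" /d

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UpdaterSvc
    ImagePath    REG_SZ    C:\Users\alice\AppData\Local\Temp\updater.exe
"""

# Path fragments that indicate a location a non-admin user can write to.
# Order matters only for which reason string is reported first.
WRITABLE_MARKERS = ("\\windows\\temp\\", "\\users\\", "\\programdata\\",
                    "\\appdata\\", "\\temp\\", "\\tmp\\")

_IMAGEPATH_RE = re.compile(r"\s+ImagePath\s+(REG_\w+)\s+(.*)$")
_EXE_RE = re.compile(r"(.*?\.(?:exe|sys|dll))(?:\s|$)", re.IGNORECASE)


def parse_services(reg_dump: str) -> Dict[str, str]:
    """Map service name -> raw ImagePath value from reg query output."""
    services: Dict[str, str] = {}
    current = None
    for line in reg_dump.splitlines():
        if line.startswith("HKEY_"):
            current = line.strip().rsplit("\\", 1)[-1]   # last key component
            continue
        m = _IMAGEPATH_RE.match(line)
        if m and current:
            services[current] = m.group(2).strip()
    return services


def normalize_image_path(value: str) -> str:
    """Reduce a raw ImagePath value to a lower-case absolute binary path.

    Handles a quoted path followed by arguments, an unquoted path followed by
    arguments, %SystemRoot%/%windir% expansion, the \\SystemRoot\\ form used by
    drivers, and the \\??\\ NT-path prefix.
    """
    v = value.strip()
    if v.startswith('"'):
        end = v.find('"', 1)
        exe = v[1:end] if end != -1 else v[1:]
    else:
        m = _EXE_RE.match(v)
        exe = m.group(1) if m else v.split()[0]
    exe = exe.strip().lower()
    for var in ("%systemroot%", "%windir%"):
        exe = exe.replace(var, "c:\\windows")
    if exe.startswith("\\??\\"):
        exe = exe[4:]
    if exe.startswith("\\systemroot\\"):
        exe = "c:\\windows\\" + exe[len("\\systemroot\\"):]
    return exe


def hunt_services(reg_dump: str) -> List[Dict[str, str]]:
    """Return the services whose binary lives in a user-writable directory."""
    flagged = []
    for name, raw in parse_services(reg_dump).items():
        image = normalize_image_path(raw)
        for marker in WRITABLE_MARKERS:
            if marker in image:
                flagged.append({"service": name, "image": image,
                                "reason": f"image path under {marker}"})
                break
    return flagged


if __name__ == "__main__":
    for f in hunt_services(SAMPLE_REG_DUMP):
        print(f"{f['service']}: {f['image']} ({f['reason']})")
```

The two flagged entries in the constructed dump are the service launched from C:\Windows\Temp and the one launched from a user's AppData temp directory; the svchost, spooler and disk-driver entries pass. Feed it the output of the same `reg query` command from a live host, or of `reg query` against a mounted offline SYSTEM hive, to triage service persistence at scale.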
MITRE ATT&CK Matrix (ATT&CK v13; the number in brackets is the report's count for that technique)

Persistence:
- Create or Modify System Process (T1543) [2]: Windows Service (T1543.003) [2]
- Boot or Logon Autostart Execution (T1547) [1]: Registry Run Keys / Startup Folder (T1547.001) [1]

Privilege Escalation:
- Create or Modify System Process (T1543) [2]: Windows Service (T1543.003) [2]
- Boot or Logon Autostart Execution (T1547) [1]: Registry Run Keys / Startup Folder (T1547.001) [1]