General

Target: fccc85e0762350fc26fd50646031b5f6_JaffaCakes118
Size: 11.3MB
Sample: 240420-pz8lpsha75
MD5: fccc85e0762350fc26fd50646031b5f6
SHA1: 9e6636fffc2002b023b246e5c08ff641002ef232
SHA256: f2b1f77c8f3cc3817b73566c28f88827acdb1b48ea8985072817e97b59c5f7ac
SHA512: d4ef35eb8a365f6333565652fd1ddba2d8fd71050cc47860a7eb6ec36eec5a35c9cd9f3a7f48f379b5edbeb9e32883a326267062d67cdb22ec76366d6a319678
SSDEEP: 24576:iUqa71YB5DHlommmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmG:iF15
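The SSDEEP value above is a context-triggered piecewise hash (block size 24576, then two chunk strings hashed at that block size and at twice it). The long run of "m" in the first chunk is what repetitive file content looks like in ssdeep, and the comparison routine collapses such runs before scoring. As an added example that is not part of this sandbox report, the following Python parses that signature and reimplements ssdeep's comparison (compatible block sizes, run collapse, 7-character common-substring gate, weighted edit distance, small-block-size cap) so the 0..100 match score can be reproduced against other samples' signatures; the variant signatures in the comments are constructed for illustration.

```python
"""Parse and compare ssdeep (CTPH) signatures like the one in this report.

Pure-Python reimplementation of the comparison in ssdeep's fuzzy.c:
compatible block sizes, run-length collapse, common-substring gate,
weighted edit distance, and the small-block-size cap.  Added example,
not the report's own tooling."""

SPAMSUM_LENGTH = 64   # maximum chunk length an ssdeep signature carries
MIN_BLOCKSIZE = 3
ROLLING_WINDOW = 7    # two chunks must share a 7-char substring to score > 0

# SSDEEP value copied from the report above.
REPORT_SSDEEP = "24576:iUqa71YB5DHlommmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmG:iF15"


def parse_signature(sig):
    """Split 'blocksize:chunk1:chunk2[,"filename"]' into (int, str, str)."""
    block_size, chunk1, rest = sig.strip().split(":", 2)
    chunk2 = rest.split(",", 1)[0]
    return int(block_size), chunk1, chunk2


def eliminate_sequences(chunk):
    """Collapse runs of 4+ identical chars to 3.  Long runs (the 'mmmm...' in the
    report's hash) come from repetitive content and carry little information,
    so ssdeep ignores everything past the third repeat when comparing."""
    out = []
    for ch in chunk:
        if len(out) >= 3 and out[-1] == out[-2] == out[-3] == ch:
            continue
        out.append(ch)
    return "".join(out)


def has_common_substring(a, b):
    """ssdeep refuses to score chunks that share no ROLLING_WINDOW-length substring."""
    if min(len(a), len(b)) < ROLLING_WINDOW:
        return False
    windows = {a[i:i + ROLLING_WINDOW] for i in range(len(a) - ROLLING_WINDOW + 1)}
    return any(b[i:i + ROLLING_WINDOW] in windows for i in range(len(b) - ROLLING_WINDOW + 1))


def edit_distance(a, b):
    """Levenshtein distance with insert=1, delete=1, substitute=2 (ssdeep's weights)."""
    prev = list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        cur = [i] + [0] * len(b)
        for j in range(1, len(b) + 1):
            sub = prev[j - 1] + (0 if a[i - 1] == b[j - 1] else 2)
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, sub)
        prev = cur
    return prev[-1]


def score_chunks(a, b, block_size):
    """Score two chunks hashed at the same block size, 0..100."""
    if not has_common_substring(a, b):
        return 0
    dist = edit_distance(a, b)
    # Scale the distance to the full 64-char signature length, then invert.
    score = dist * SPAMSUM_LENGTH // (len(a) + len(b))
    score = 100 - (100 * score // SPAMSUM_LENGTH)
    # Small block sizes cannot express many differences: cap the score there.
    if block_size < (99 + ROLLING_WINDOW) * MIN_BLOCKSIZE:
        score = min(score, block_size // MIN_BLOCKSIZE * min(len(a), len(b)))
    return score


def compare(sig_a, sig_b):
    """ssdeep-style similarity 0..100; 0 when block sizes are incompatible."""
    bs_a, a1, a2 = parse_signature(sig_a)
    bs_b, b1, b2 = parse_signature(sig_b)
    if bs_a != bs_b and bs_a != 2 * bs_b and 2 * bs_a != bs_b:
        return 0
    a1, a2, b1, b2 = (eliminate_sequences(c) for c in (a1, a2, b1, b2))
    if bs_a == bs_b:
        if a1 == b1 and a2 == b2:
            return 100
        return max(score_chunks(a1, b1, bs_a), score_chunks(a2, b2, 2 * bs_a))
    if bs_a == 2 * bs_b:
        return score_chunks(a1, b2, bs_a)   # a's first chunk vs b's second, both at bs_a
    return score_chunks(a2, b1, bs_b)       # a's second chunk vs b's first, both at bs_b


if __name__ == "__main__":
    bs, c1, c2 = parse_signature(REPORT_SSDEEP)
    print(bs, eliminate_sequences(c1), c2)
    print(compare(REPORT_SSDEEP, REPORT_SSDEEP))
    # Constructed variants: 3 extra chars in chunk 1, and the same chunk at half the block size.
    print(compare(REPORT_SSDEEP, "24576:iUqa71YB5DHlommmGxyz:iF15"))
    print(compare(REPORT_SSDEEP, "12288:abcdefgh:iUqa71YB5DHlommmG"))
```

Because the second chunk here ("iF15") is shorter than the 7-character window, it can never contribute to a score, so any match against this sample rests on the first chunk alone; that is worth knowing before treating an ssdeep hit on this file as strong evidence.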
Static task: static1
Behavioral task: behavioral1
  Sample: fccc85e0762350fc26fd50646031b5f6_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: fccc85e0762350fc26fd50646031b5f6_JaffaCakes118.exe
  Resource: win10v2004-20240412-en
Malware Config

Extracted family: tofsee
C2: defeatwax.ru, refabyd.info
Targets
Target: fccc85e0762350fc26fd50646031b5f6_JaffaCakes118 (11.3MB; same file and hashes as listed under General)
Score: 10/10

Signatures:
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry (ImagePath value under HKLM\SYSTEM\CurrentControlSet\Services)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext (commonly seen in process hollowing and thread hijacking)
MITRE ATT&CK Matrix (ATT&CK v13); counts are the number of signatures mapped to each technique

Persistence
  Create or Modify System Process (2): Windows Service (2)
  Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
Privilege Escalation
  Create or Modify System Process (2): Windows Service (2)
  Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
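The signatures and the ATT&CK mapping above (service ImagePath written to the registry, Run-key autostart, firewall modification) plus the two C2 domains from the extracted config are what a defender would turn into host detections. As an added example that is not part of this report or of the sandbox's own rules, the following Python replays constructed Sysmon-style events (registry value set, process create, DNS query) through detection logic for exactly those behaviours. The event shapes, the svcupd service/file names, the SID and the trusted-directory list are assumptions made for the example; the ATT&CK IDs T1543.003, T1547.001 and T1562.004 are the standard IDs for the techniques the matrix names.

```python
"""Replay constructed Sysmon-style events through detection logic for the
behaviours this report flags (service ImagePath written to the registry,
Run-key autostart, netsh firewall changes) and for DNS lookups of the C2
domains in the extracted Tofsee config.  Added example; all events below are
constructed, not taken from the sandbox run."""
import re

# C2 domains from the report's extracted Tofsee config.
TOFSEE_C2 = {"defeatwax.ru", "refabyd.info"}

# Where a legitimate service binary is expected to live (assumption; tune per estate).
TRUSTED_IMAGE_DIRS = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)

SERVICE_IMAGEPATH = re.compile(
    r"^HKLM\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+\\ImagePath$", re.I)
RUN_KEY = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\[^\\]+$", re.I)


def image_from_service_path(value):
    """Normalise an ImagePath value ('"C:\\x\\y.exe" args', '%SystemRoot%\\...')
    to a lower-case path of the executable only."""
    v = value.strip().lower().lstrip('"').replace("%systemroot%", "c:\\windows")
    end = v.find(".exe")
    return v[:end + 4] if end != -1 else (v.split() or [""])[0]


def check_event(ev):
    """Return [(signature, reference)] hits for one event; empty list if benign."""
    hits = []
    if ev["EventID"] == 13:                       # Sysmon RegistryEvent (value set)
        target = ev["TargetObject"]
        if SERVICE_IMAGEPATH.match(target):
            if not image_from_service_path(ev["Details"]).startswith(TRUSTED_IMAGE_DIRS):
                hits.append(("Sets service image path in registry", "T1543.003"))
        elif RUN_KEY.search(target):
            hits.append(("Registry Run key autostart", "T1547.001"))
    elif ev["EventID"] == 1:                      # Sysmon ProcessCreate
        cmd = f" {ev['CommandLine'].lower()} "
        if (ev["Image"].lower().endswith("\\netsh.exe") and "firewall" in cmd
                and any(verb in cmd for verb in (" add ", " set ", " delete "))):
            hits.append(("Modifies Windows Firewall", "T1562.004"))
    elif ev["EventID"] == 22:                     # Sysmon DNSEvent
        if ev["QueryName"].lower().rstrip(".") in TOFSEE_C2:
            hits.append(("DNS query to extracted Tofsee C2 domain", "extracted config"))
    return hits


def scan(events):
    """Run every event through check_event; returns [(event index, signature, reference)]."""
    return [(i, sig, ref) for i, ev in enumerate(events) for sig, ref in check_event(ev)]


# Constructed events: a dropped binary registered as a service, a benign Windows
# service, a Run key, a firewall exception, a C2 lookup and a benign lookup.
EVENTS = [
    {"EventID": 13,
     "TargetObject": "HKLM\\SYSTEM\\CurrentControlSet\\Services\\svcupd\\ImagePath",
     "Details": "\"C:\\Users\\victim\\AppData\\Local\\Temp\\svcupd.exe\""},
    {"EventID": 13,
     "TargetObject": "HKLM\\SYSTEM\\CurrentControlSet\\Services\\wuauserv\\ImagePath",
     "Details": "%SystemRoot%\\system32\\svchost.exe -k netsvcs -p"},
    {"EventID": 13,
     "TargetObject": "HKU\\S-1-5-21-1004336348-1177238915-682003330-1001"
                     "\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svcupd",
     "Details": "C:\\Users\\victim\\AppData\\Local\\Temp\\svcupd.exe"},
    {"EventID": 1,
     "Image": "C:\\Windows\\System32\\netsh.exe",
     "CommandLine": "netsh advfirewall firewall add rule name=svcupd dir=in action=allow "
                    "program=C:\\Users\\victim\\AppData\\Local\\Temp\\svcupd.exe"},
    {"EventID": 22, "QueryName": "defeatwax.ru"},
    {"EventID": 22, "QueryName": "www.example.com"},
]

if __name__ == "__main__":
    for idx, sig, ref in scan(EVENTS):
        print(f"event {idx}: {sig} [{ref}]")
```

The geofence check and the SetThreadContext use are deliberately not covered: Sysmon records registry writes but not reads of values such as the configured country code, and SetThreadContext is only visible to an API monitor or an EDR with call-level tracing, so those two signatures need sandbox or endpoint telemetry rather than event-log rules.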