General
Target: fe19016e9f9cfe4fc3d026026a1f48e8_JaffaCakes118
Size: 10.8MB
Sample: 240421-bqnchsfe9v
MD5: fe19016e9f9cfe4fc3d026026a1f48e8
SHA1: eb0fbd3585f570b721cd2b2cc68b989d6386cddb
SHA256: 4d67de40a8d236685294984a23ccbc7afba9ac32bcb7cd6d0db612834b226d5f
SHA512: 6aa4bda6df3d8a44d8e5c66c6d79610d1afe9b17506f345a1757582680775196be6c2a9678051657f8dd4e9b9c40e8771f20bd1bb92d1b370888684681775990
SSDEEP: 24576:Ugdy5yNM4444444444444444444444444444444444444444444444444444444Y:
Static task: static1
Behavioral task: behavioral1
  Sample: fe19016e9f9cfe4fc3d026026a1f48e8_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: fe19016e9f9cfe4fc3d026026a1f48e8_JaffaCakes118.exe
  Resource: win10v2004-20240412-en
Malware Config
Extracted
  Family: tofsee
  Extracted domains: defeatwax.ru, refabyd.info
Targets
Target: fe19016e9f9cfe4fc3d026026a1f48e8_JaffaCakes118 (10.8MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Score: 10/10
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
  Create or Modify System Process (2)
    Windows Service (2)
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Privilege Escalation
  Create or Modify System Process (2)
    Windows Service (2)
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)